The most important part of communication begins with understanding your audience, and the reality is that business owners and security experts approach their responsibilities from very different places. Business owners tend to see people like us as “propeller heads,” while we’re apt to envision them as making cave paintings in their free time.
Despite this disconnect, we still need resources, and it is the business owners who control how those resources are allocated. It’s essential to put our best foot forward and attempt to communicate in a language that they will understand.
As security experts, we take a highly technical view in how we approach our needs, but a technical case is going to fly over most executives’ heads. They don’t think in terms of failover clusters or indicators of compromise—they think in terms of return on investment and bottom line results.
When we see a security issue, pointing it out as such isn’t enough—leadership is likely willing to roll the dice when they don’t properly understand the stakes. Your job in securing funding is to express the repercussions of exposure in the language of business. To help them comprehend the stakes of not investing in security.
To do this, we only have to follow the effects of a breach to their logical conclusion. A data breach means lost reputation, lost customers and the high threat of litigation—things any business owner worth their salt will recognize as entirely incompatible with their goals.
So, the most effective way to secure funding for security needs is to demonstrate why they are needs. Regulatory compliance is a great starting point, but it’s your job as a security expert to communicate how compliance is only a small part of security. A business’ health directly relies upon the security of its information, and the quicker you can get leadership to understand that—and make your case for the security paradigm you believe is best—the quicker you can have the resources necessary to truly protect your information.