One of the most difficult issues that in all security profession is the ever so elusive buy-in from the executive suite and/or client. Here are some talking points that we have noticed help in that tense negotiations.
We by no means feel like our way is the only way or that doing our way will get you over that hump of being turned down. We are just giving you some things we have learned so that way you can learn from our mistakes.
The first thing you must be able to get a crossed is the number one thing that business understands. This being MONEY. If you can relay to the decision-makers about the monetary benefits as well as the monetary risks as soon as you are able to in a kick-off call or a first meeting what ever it may be if you are able to show them the money you will get further faster. Getting buy-in is essential for security measures. This is because information, assets, and intellectual property (cyber and physical) are very important for almost all if not all organizations, one might assume that executives embrace and support a good asset protection program. However, this is quite difficult because the intangible nature of some assets to get your message to the decision-makers.
Some talking points for gaining the approval/monetary aid required for your task at hand are:
- loss of company reputation/image or public views
- loss of competitive advantage in one or multiple products/services
- reduced returns or profits
- loss of core business technology or process
After talking about the issues at hand with the loss of this information you must find a way to mitigate the risks that you have outlined. This could be done with a in-house team of professionals from multiple areas like Security, IT, HR, and Finance all these groups are important in helping and mitigating risk. If for what ever reason your company does not have these policies or procedures in place or even if you know there is risk but do not know how to express it to the decision-makers you may need to get in contact with a professional like T.A.MINOR or another reputable professional that is there for you and not to sell and make a commission on you. A professional that is just there for you and your organization when it comes to finding the right solution for you from the right people.