Most budget planning is not keeping up with the pace of change in IT & Cyber Security
CFOs & business leaders generally make budget decisions based on an incremental change from prior year - requiring IT leadership to force cyber security into a budget that doesn't reflect the massive increase in risks in the Front-Lines of IT.
The reality is, today's environment is radically more complex and presents levels of risk not seen in prior years or circumstances. Savings in budget today could easily cost millions or tens of millions of dollars in damages later. We need a new approach.
We've found success with bottoms-up budgeting to help provide a truly objective view of the risks and the budget needed to cover them. Start with a blank slate and define vulnerabilities in the following categories:
Many organizations under-invest in people because of a perception that the tech products offer the protection. The reality is that these increasingly sophisticated products do provide increased protection, but require an increasingly savvy team of strategic leadership, engineers and third parties to manage them. Tools & tech are truly only as good as the team who's implementing or managing them.
A CFO & IT leadership prioritization session - that truly takes an objective view - on the risks and the priorities (without the sales pitches) is often most helpful to separate the reality from the overly-optimistic view of most products. Define where there might be integration challenges or shortcomings of current product mix.
Both the IT team and non-IT staff need to know what procedures to follow in terms of every day cyber hygiene, and actions in the event of an urgent incident.
A 5% increase in the Cyber Security budget in most cases simply cannot address the massive increase in risks and complexity of managing IT environments today. A fresh look, preferably from the bottoms-up can go a long way in connecting the CFO and IT leadership around the priorities, the required investment and the true costs of appropriately budgeting - or not budgeting - for Cyber Security.
It often helps to find an IT partner for an assessment, strategy or management. It can be a transformative step in getting your organization to the next level.