Business leaders and security leaders don’t always see eye to eye.
I like to compare the business decision to invest in cybersecurity to a homeowner’s decision to spend money on a fence or a hot tub. Sometimes you know you need a fence, but you really want a hot tub. You can imagine sipping on your favorite beverage and watching the sunset from your hot tub, and when you think of the fence, well …
So how can business leaders and security leaders get on the same page?
I recommend that security leaders directly ask business leaders about their top priorities and goals for the year. It’s extremely important at this point to listen and learn. Based on this information, security leaders can identify risks that might prevent business objectives from being accomplished and plan accordingly.
For example, a top business priority for a company might be to release a new software platform that enables its clients to manage business workflows online. In this case, both security leaders and business leaders will want to reduce the probability that attackers can stop critical software from functioning. Once they’ve reached this agreement, a security action plan can be funded and delivered.