By Steve Rushin, below, Enterprise Sales Director, Red Helix
The challenge facing many c-suites is that cyber security has evolved into an incredibly complex market. It is so complex that vendors, solution providers and internal IT departments struggle to convey the details of why a solution should be introduced. This, in turn, makes it difficult for decision makers to find the right solution.
In the UK alone, the cyber security market has now reached an annual revenue of £10.5 billion, with a multitude of vendors offering a variety of products. Each product then comes with its unique set of technicalities, features and jargon. For someone with a master’s in cyber security and years working within the IT space, these details may be informative. For the majority though, including the executives that need to understand the strategic implications of the product, they simply don’t have the time to invest in keeping on top of the technical terminology being used.
Arguably though, they shouldn’t need to understand the finer details. In the same way people don’t need to know the inner workings of a combustion engine to get value out of a car. What the c-suite do need to know is how a security tool will benefit and protect the company, and whether it is cost-effective and efficient.
To make cyber security more consumable for the c-suite the focus ought to be on the output of a tool, rather than the technicalities within, which can be broken down into three key points.
- Risk Reduction
When introducing cyber security solutions to the c-suite, it is vital to emphasise what threats are most relevant to the organisation and how the proposed solution will help mitigate them. Presenting tools and services in terms of their effectiveness in preventing data breaches, financial losses and reputational damage – instead of focussing on the technical aspects of them – will provide executives with a far better understanding of the value and necessity of a proposition.
For instance, rather than discussing the data encryption algorithms used within a product, it is more beneficial to highlight how its implementation will safeguard sensitive data and ensure continuity of business operations.
- Alignment with business objectives
Cyber security should not be seen as a standalone entity. It is a fundamental business component that must align with the wider company objectives and any solutions under consideration must be presented as such.
If, for example, an organisation’s objectives see it migrating to the cloud (which is often the case for those looking to increase innovation or reduce time to market) then the focus should be on how a security tool can ensure a smooth and secure transition. If the business is expanding into new territories, then the focus should be on the tools ability to keep any new branches secure, compliant with regional legislation and integrated with other locations.
This helps illustrate how security measures relate to company goals and act as enablers for business growth and success.
- Return on investment
Cyber security investments can be substantial, and the c-suite invariably needs to see value. It is paramount to showcase both tangible and intangible returns, to paint a holistic picture of the benefits accrued from robust security measures.
Tangible benefits can include the likes of cost savings from avoiding data breaches, reduced risk of regulatory fines and operational efficiencies. Intangible benefits, on the other hand, might focus on brand reputation, increased customer trust and employee morale and confidence.
As the technological landscape is evolving quicky, it is also important to outline the longevity of a solution, explaining how a solution can adapt to emerging threats and align with future business developments.
This will help executives to understand the long-term value and reliability of an investment, ensuring it is not just a temporary fix but a strategic component supporting the company’s future. By linking these benefits to the company’s bottom line and overall reputation, executives can better evaluate the ROI in the same way that they will consider any other investment.
Cutting through the noise
As the threat landscape continues to grow, the importance of making cyber security more consumable should not be understated. Complex jargon and detailed technicalities can quickly impede decision-making due to a lack of understanding, which may prevent vital cyber security initiatives from receiving the support they need.
Arguably this jargon has been used by some to purposefully obfuscate what their services and solutions do and to heighten the fear factor in this already emotive area of business. But given the ever-growing threat posed by cyber crime, this needs to change, and we must commit to explaining our services in terms of what they can do for you as simply as possible.
Not only does this enable executives to make more informed decisions on resource allocation and risk management, but it also fosters a more comprehensive understanding of the important role cyber security plays in achieving overall business success.