Overcoming IT Budget Planning Obstacles for Risk-minded CIOs

BrandPost By Steve Hall
Sep 01, 2015

Simply asking for money rarely yields meaningful results.


IT budget planning for next year is fast approaching, but are IT leaders ready? How leaders prioritize information security amongst all the other demands of the business is paramount in today’s cybersecurity landscape.

Understandably, the continued uptick of highly publicized breaches has increased awareness and interest in cybersecurity – not just within IT, but at the board level as well. This is especially true considering how recent breaches have impacted CISOs, CEOs and other C-level executives at top-level organizations. While no leadership team wants to make headline news, continually relying on a Chicken Little, sky-is-falling approach will eventually fall on deaf ears.

This does not mean that CISOs need to struggle when funding security initiatives. The path to a well-funded strategy becomes much clearer when CISOs arm themselves with proven practices.

Understand the industry. Each industry has its own benchmarks for security spending, and no organization wants to find itself in a position where spending is significantly out of line with industry peers. Leveraging third-party resources can help by showing leadership the normal spend levels within the industry. Analyst reports can also prove very helpful in bolstering the business case. This can set spending expectations and provide valuable insight into what actions or investments surface as most meaningful within the sector.

Provide clarity. While having access to benchmarks plays a key role in helping CISOs keep the budget in line with peer organizations, leadership will understandably want a clear picture of how the business is investing. This is why it’s crucial that CISOs build an easy-to-understand investment strategy that outlines exactly where the organization intends to spend its allotment and what the return on that spend will be. The goal here is to first gain an understanding of where the organization falls short today, as well as document and communicate strengths. CISOs need to be able to address how current security investments are performing, not just what the gaps are. This is where having something as simple as a security report card can effectively demonstrate security progress in language and terms that the organization’s leaders can understand. It also helps in building an incremental plan to clearly outline how the organization can improve security.

Continually communicate. The only way to truly understand what others in the business value is to keep an open line of communication. The more CISOs interact with line-of-business leaders and senior management, the easier it will be to secure and maintain the necessary budget. Never underestimate the importance of providing others with a real-world understanding of security. After all, people are far more comfortable making investments in areas they understand and appreciate.

Bottom line, CISOs must be able to communicate the value that existing security investments provide in addition to where gaps exist. Doing this will increase trust and increase your likelihood of success when asking for an uptick in resources. 

Use these top three IT budget planning strategies to overcome the most common budgeting obstacles and secure the necessary funding to promote a healthy security assurance program.