Nov 28, 2018

7 Ways to Advocate for Increased Cybersecurity at Your Workplace

Did you know that cyber attacks are now the third biggest threat to humanity after natural disasters and extreme weather? The stakes are high, especially at your business. Cyber threats abound, and while most companies intuitively sense that they need to tighten security measures, many have tightened their belts against these expenses when more palpable operational priorities take precedence.

This is a big mistake. The National Cyber Security Alliance tells us that 60% of small- and medium-sized businesses that suffer a cyber attack go out of business within six months of the event. Larger companies may not succumb as easily, but they endure tainted reputations as well as stiff penalties and fines.

The 2018 Global Information Security Survey shows that 89% of companies worldwide believe that their “cybersecurity function does not fully meet their organization’s needs.”

If you’d like your company to strengthen their cybersecurity efforts by partnering with experts in this field or purchasing hardware or software to counteract threats, here are seven effective ways to present your case for increased cybersecurity in the workplace:

1. Start with Statistics: It’s hard to argue with facts. Cybersecurity statistics are especially convincing. Ponemon’s report on “The True Cost of Ransomware” shows that employees unable to work are the biggest financial drains incurred from a data breach. Compromised networks and non-working computers force employees to be idle for long periods of time. While the attack might cost $5 million to fix, this includes $1.25 million (25%) in system downtime and $1.5 million (30%) in IT and end user productivity loss.

2. Know your Audience: If you’re addressing the C-suite, Board of Directors or colleagues in other executive positions, make your points vis-à-vis the company’s financial health. At these levels, bottom lines and business-building functions take top priority. Since cyber threats pose serious risks to both, you’ll want to make that important point. Consider your language here, too. If you avoid technical jargon like “incidents detected” and substitute “anticipated savings” and “prevented monetary loss” instead, you’ll be speaking their language.

3. Clarify Costs and Benefits: Leverage a cost-benefit analysis to sell the proposed benefits of the cybersecurity measures that you’re recommending. While your expertise may be within IT, your colleagues may be focused elsewhere. It’s your responsibility to educate them on the potential costs and benefits of a cybersecurity upgrade. Can you make the case for 30% increased resiliency? You can use the NIST Cybersecurity Framework to help determine your specific goal.

4. Cover Compliance: If your industry must adhere to certain rules of compliance, proving that these new cybersecurity measures will ensure compliance goes a long way towards getting buy-in. Regulations like HIPAA, HITECH and others can cause serious issues if not addressed properly by your business.

5. Provide a Cybersecurity Snapshot: By assessing your current cybersecurity measures and providing penetration and breach opportunity statistics, you’ll reveal the vulnerabilities that can be exploited at any moment. Prioritize these risks by order of importance and present workable cybersecurity solutions to address and overcome them.

6. Tap a Third-Party Opinion: If you’re having trouble making your case for a cybersecurity upgrade, it can be helpful to have a third party weigh in with an audit or other non-partial analysis. You can deploy a security consultant, and the ROI will more than justify the effort since these reports generally carry more weight in the recipients’ eyes.
7. Leverage a Leave Behind: Create a report in layman’s terms that can be easily shared to eliminate any potential confusion as your pitch makes it through the ranks. You may not be at the next crucial meeting, so you’ll need this document to persuade for you.

You already know how critical strong cybersecurity in the workplace is. If you need additional resources to help your company get on board for increasing safety and security in the workplace, we’re here to help.