Security as a Business Enabler
Throughout my career, I have noticed that security is most often sold using Fear, Uncertainty and Doubt (FUD). However, security is viewed by executives as a sunk cost or an insurance policy based upon the balance of probability that something bad may happen. Threat-risk is difficult to quantify and weigh against business risks, which are measured in 💵. As they say, “If it can’t be measured, it can’t be managed”. There is limited persuasive weight to FUD pitches, in the absence of a clear and present direct threat, or stringent and prescriptive regulations which hold corporate officers or public servants personally liable.
Frame Security as a Business Enabler
Rather, I have found that leading with security as a business enabler resonates more effectively with the C-suite. By this I mean, articulating how security can help:
- increase sales,
- produce valuable business intelligence,
- improve competitiveness,
- derive process efficiencies,
- reduce costs and losses.
If successful, solving for compliance and threats are bonus features to your solution.
An Example in the Canadian Market
A major Canadian Company was subject to substantial capital-at-risk owing to fraud from organized crime, misuse of services by clients, and deliberate cyber attacks by nation states. However, much of this was unseen and off the books. The case for enhanced security was solid but failed to get the attention of C-Suite who were consumed with more obvious business risks like operating costs, quarterly sales, competitive market pressures and pricing regulation.
I got their attention only after I was able to demonstrate, with security instrumentation and concrete examples, where the company could save over a billion dollars, increase sales with market intelligence and recover a hundred million in fraud. An interesting consideration was that security systems were able to detect misconfiguration, bad process flows, financial mismanagement and business inefficiencies on the way to looking for deliberate threats. They also helped management understand a lot more about the business. Similarity, I used business intelligence systems, network health monitoring, call centres and financial monitoring to assist in security investigations.
So here are some ideas for pitching security as a business enabler aimed at specific Strategic Business Objectives:
- Talent Acquisition and Retention [↓]
- Technology Enablement and Process Improvement [↓]
- Business Operations Service Delivery [↓]
- Competitive Business Intelligence [↓]
- Risk Management [↓]
- Business Capture [↓]
- Innovation and Trends [↓]
- Brand Marketing and Communications [↓]
- Strategic Business Planning [↓]
- Business Transformation [↓]
- Network, Supply Chain Management and Critical Dependencies [↓]