May 27 2020

Make the Case for Security Spending

Many priorities compete for limited IT budget. Improving communication between IT and business leaders can help ensure security gets what it needs.

Comprehensive cybersecurity is as critical as ever to keeping businesses of all types up and running. And in recent months, security has taken on greater urgency as hackers seek to exploit the added strain on networks and employees’ anxieties in the face of long-term remote-work scenarios. 

Yet even during ordinary times, security often comes up short in the competition for budget dollars. And these are far from ordinary times: Budgets are being squeezed tighter during this period of economic retrenchment.  

Research from CDW and IDG indicates that business leaders expect to devote around 24 percent of their IT budgets to risk mitigation over the next two years. Modernizing IT, improving collaboration and transforming user experiences — all vital priorities for businesses in their own right — are mostly being funded at higher levels.

That’s not necessarily a problem, but if an organization isn’t spending what’s needed to secure data and systems properly, that could be a sign that IT and business leaders aren’t on the same page about their organization’s risk posture.

Aligning Your Organization Around Comprehensive Security

Uniting all stakeholders around a common understanding of the threat landscape — as well as the business’s specific needs, goals and challenges — is often the first step to mitigating risk. But even that discussion won’t have much of an impact if an organization still thinks about technology as somehow separate from its other business objectives — or about security as distinct from its overall technology strategy.

A comprehensive security approach envisions cyberdefense as baked into everything the business does and places responsibility for safeguarding systems and data on every stakeholder: employees, managers and leadership up to the highest level. Even vendors play a role.

Of course, the organization’s processes and technologies also come together to ensure the prevention, detection and remediation of threats is as effective as possible, but no security measure exists in a vacuum. From enabling safe access to the tools remote workers need to be productive to preventing the reputational harm that’s caused by a massive breach, comprehensive security drives business value every step of the way. Ensuring IT and business leaders share in that understanding is vital to achieving security buy-in ahead of budget talks.

More On