A lot of the security projects I get involved in are tied to compliance, rather than a desire to implement best practise or seek competitive advantage by being in best in class at privacy and security. That’s a pity, but it’s a reality in business that organisations tend to only do the things that directly make/save money or are compelled to do…:
In 2021 Cyber Security Automation Top Actions, most of the top actions to take are- not surprisingly, tied to budget. That of course is the case with any cyber security or enterprise technology. It’s not just technology of course- budget is the means with which to hire talent with new skillsets- along with any resource needed to defend the organization.
So attaining cyber security budget is an art and science which has evolved over the past few years. FUD (fear, uncertainty and doubt) is no longer the way to gain budget. Noting how budget requests not only reduce risk but enable business to occur are key discussion points to have with the Board. Speaking in the language of the Board is of paramount importance as the “need” for increased overall and ad-hoc budget is always present. Bob Vescio discusses in part on TF7 Radio.