"But we never had a problem before! We might as well cut the security and back-up budget for next year."
IT is one of those things that when it is running perfectly fine, no one thinks about it and instead they start to question why they are spending so much money on various services. But it is BECAUSE you are spending that money that it is running so smoothly. The allure to cut some corners and hire cheaper, less trained employees and cut back on security to save money is a big problem.
It's such a pain in the ass presenting and justifying budget requests when the people who decide only see $$$. It's always "Why do you need this much? We've been doing fine the last couple of years.". The only way to get them to understand is to talk to them in $$$-speak. Like, "This is the amount of the money and reputation you are risking to lose if something happens because we didn't spend for this."
You have to talk-the-talk.
You don't talk about Gigabytes and megabits-per-second and megawatts with sales people and executives. You need to turn things around and talk in terms of money and man-power. If it frustrating that you have to do that, but it is the best way to get through to people.
There is no finite dollar value associated with security breaches so there isn't exactly a way to quantify it. Intangible benefits that are difficult to express in dollar values are often hard to present to one-dimensional money managers.
"But we never had a problem before! We might as well cut the security and back-up budget for next year."
IT is one of those things that when it is running perfectly fine, no one thinks about it and instead they start to question why they are spending so much money on various services. But it is BECAUSE you are spending that money that it is running so smoothly. The allure to cut some corners and hire cheaper, less trained employees and cut back on security to save money is a big problem.
It's such a pain in the ass presenting and justifying budget requests when the people who decide only see $$$. It's always "Why do you need this much? We've been doing fine the last couple of years.". The only way to get them to understand is to talk to them in $$$-speak. Like, "This is the amount of the money and reputation you are risking to lose if something happens because we didn't spend for this."
You have to talk-the-talk.
You don't talk about Gigabytes and megabits-per-second and megawatts with sales people and executives. You need to turn things around and talk in terms of money and man-power. If it frustrating that you have to do that, but it is the best way to get through to people.
There is no finite dollar value associated with security breaches so there isn't exactly a way to quantify it. Intangible benefits that are difficult to express in dollar values are often hard to present to one-dimensional money managers.
[ in Moss' voice ] they never remember us!