To Secure Security Funding, Get Quantitative
- When making the case for security funding, it’s often effective to share quantitative information about specific risks that the business faces.
- Business conversations about how best to manage security risks should be ongoing, continuing after the tools have been implemented.
“It’s especially helpful to present security information in the form of metrics and useful data points—after all, when having a conversation with business leaders, numbers provide an effective common language.”
Mike Santos, director of security and information governance at Cooley LLP, believes that when making the case for an investment in endpoint security, it’s best to share actionable information with leadership about the state of your company’s security and its readiness relative to industry standards rather than using a fear-based argument to secure funding. “It’s especially helpful to present security information in the form of metrics and useful data points—after all, when having a conversation with business leaders, numbers provide an effective common language” says Santos.