Intelligent CISO Issue 51 | Page 37

www.intelligentciso.com
FEATURE
When it comes to communicating security concerns and the critical threat that cyberattacks and subsequent data loss pose to business, one of the core challenges that CISOs continue to face is bridging the considerable knowledge gap among senior level stakeholders.
Too often, organisations believe they have a comprehensive Disaster Recovery (DR) plan in place, accounting for and mitigating all potential risks and ensuring sufficient provision for a rapid return to ‘business as usual’. But often the risks, in terms of interrupted service, loss in revenue, potential supply chain disruption and damage to reputation, are not fully understood.
With the frequency and impact of cybercrime growing each year, as well as the inevitability of hardware failures and other outages, having a comprehensive Disaster Recovery strategy in place, and the ability to persuade senior management to increase budget allocation where needed, is absolutely critical.
So, in terms of ensuring Disaster Recovery plans are complete, how can CISOs improve their chances of getting senior executives on board with a budget increase before a data centre interruption impacts the business?
A starting point is to join the dots between tech failure and business performance – to reframe technology concerns around potential commercial impact and loss of business opportunities – and beyond this it is about education. Here are four key strategies for CISOs to consider that will deliver vital context to address the IT knowledge gap among the C-suite, to enable greater comprehension and buy-in to conversations around DR budget:
Communicating commercial impact – Communicate ‘risk mitigation’ and ‘revenue impact’ over ‘IT recovery’
Dante Orsini, Senior Vice President of Business Development, iland
C-level executives preside over risk mitigation and the protection and delivery of revenue opportunity within the business. So, it is critical for CISOs to adopt the same vocabulary and to talk in the same commercial terms that will resonate. When discussing IT recovery plans, security professionals must highlight the risks of losing hundreds of thousands of pounds in revenue due to the interruption of a mission-critical application. And the causes of outages should be fully explained and prioritised in terms of probability and severity of commercial impact. There are hundreds of resources available around this now – as well as almost daily news stories highlighting severe business loss and closure – you don’t have to search hard for companies experiencing cybercrime-
