You might be asked by your CFO to think about creative ways to save money and help the company conserve its precious cash while minimizing the risk associated with remote work. This might sound like an unsolvable problem for many CISOs and a tough discussion for you to have with your CFO, but it doesn’t have to be that way.
Consider using rapid risk assessments to:
Ditch what doesn’t work (and save money)
This happens to many cybersecurity programs. As new security threats emerge, we swiftly implement new solutions, but the same intensity does not go into evaluating the effectiveness of those solutions over time. They pile up, and so does the cost.
In that pile may lie several opportunities for cost take-out. Cost-benefit analyses can help uncover those opportunities: cases where the possible risk reduction does not justify the magnitude of the investment.
The current crisis might force you to look harder at the ROI of every initiative and help conserve cash, but why not make it a systematic process and improve the cost-effectiveness of your program over time? We know of some CISOs who made it an annual objective for their cyber risk management teams to uncover one or two expensive tools that could be safely eliminated.
Securely support a remote workforce
With work-from-home (WFH) policies entering into effect due to the coronavirus crisis, many CISOs are being asked to support a remote workforce. We have seen two themes suddenly emerge:
Assessing the probable loss exposure related to a WFH policy and measuring the effectiveness of various controls in reducing the associated risk will help you answer questions on how best to address these situations. Our Professional Services team has conducted many such assessments using the RiskLens platform that benefitted our customers, allowing them to make well-informed, cost-effective decisions to securely support their remote workforce.
To help companies adapt to the crisis, we are now offering, for a 30-day period, to conduct such risk assessments at no cost and to waive the requirement that the beneficiaries of those WFH assessments pay for the use of the RiskLens software.
Justify cybersecurity projects to your CFO
The uncertain economic outlook has led many CFOs to tighten the criteria for approving new investments, with the goal of minimizing expenses and conserving cash throughout the crisis. Justifying cybersecurity projects gets harder, as only projects that are tied to a clear and proven business case get approved.
Speaking in terms of addressing threats and vulnerabilities is often no longer sufficient. What the CFO needs to hear is whether doing or not doing a certain project will have an impact on the bottom line, and by how much. Quantitative risk assessments that articulate risk in financial terms help CISOs speak the language of the CFO and demonstrate how effective a certain investment can be in terms of risk reduction. They can then decide whether the current risk can be accepted by the company, and if not, what the best risk mitigation options are, at what cost.
Such cost-benefit analyses change the narrative around justifying cybersecurity projects, especially the more expensive ones, and allow the CFO to consider the options the CISO provides from a business perspective rather than trying to understand them on their technical merits. This ensures that the value provided by these projects is well understood by the CFO and the other business executives, and it elevates the CISO's profile as a business executive who happens to be in charge of cybersecurity.