“The best way to get management excited about a disaster plan is to burn down the building across the street,” said Dan Erwin, security officer at Dow Chemical. Fortunately or unfortunately, in recent years, management has seen the number (and magnitude) of burnt buildings and has begun understanding that cybersecurity is not the IT issue and cost pit it was once considered to be, but a business issue that seeks to save companies money. In fact, cybersecurity is arguably as necessary to running a business as keeping the lights on, keeping employees productive and trained, and keeping the company legally protected.
Modern organizations have acknowledged the importance of cybersecurity in the business context and have subsequently increased their investments in IT and security. However, as cyber budgets and products increase, so does the duty of management to better understand, manage and optimize their investments.