Four tips for increasing management buy-in for disaster recovery

When it comes to communicating security issues and the critical threat that cyberattacks and the resulting loss of data pose to businesses, one of the biggest challenges that CISOs continue to face is bridging the considerable knowledge gap among high-level stakeholders.

Too often, organizations think they have a comprehensive disaster recovery (DR) plan in place, one that accounts for and mitigates all potential risks and ensures sufficient provision for a quick return to “business as usual”. But often the risks in terms of service disruption, loss of revenue, potential supply chain disruption and reputational damage are not fully understood.

With the frequency and impact of cybercrime increasing every year, as well as the inevitability of hardware failures and other failures, it is absolutely essential to have a comprehensive disaster recovery strategy in place and the ability to persuade senior management to increase the budget allocation if necessary.

So, to ensure disaster recovery plans are comprehensive, how can CISOs improve their chances of getting senior executives to engage with a budget increase before a data center outage affects the business?

A starting point is to connect the dots between technology failure and business performance – to reframe technology concerns around potential business impact and loss of business opportunity – and beyond that, it comes down to education.

Here are four key strategies for CISOs to consider to provide vital context to address the IT knowledge gap within the C-Suite, to enable better understanding and buy-in to DR budget conversations:

Communicate business impact: Communicate ‘risk mitigation’ and ‘revenue impact’ rather than ‘IT recovery’.

C-level executives preside over mitigating risk as well as protecting and providing revenue opportunities within the business. It is therefore essential for CISOs to adopt the same vocabulary and speak in the same commercial terms that will resonate. When discussing IT recovery plans, security professionals must point out the risks of losing hundreds of thousands of dollars in revenue due to the disruption of a mission-critical application. And the causes of outages must be fully explained and prioritized in terms of likelihood and severity of business impact.

There are hundreds of resources available on this now – along with almost daily news stories highlighting serious business losses and closures – so you don’t have to search far for companies facing cybercrime outages to find a recent headline as an example.

Then ask leaders to assess and prioritize the most critical parts of the business – or the risks they would be willing to mitigate against the risks they are willing to accept.

Ultimately, working closely with the C-Suite, security professionals should aim to deliver a scalable program that begins by addressing the most likely and impactful risks.

Business resilience — scratch the term “disaster” from your vocabulary

One of the main issues in communicating technology concerns to a professional audience is the use of appropriate vocabulary and the ability to communicate context.

Tech-rich terminology will immediately turn off those who don’t understand it, and ambiguous references that don’t adequately explain the business impact or daily prevalence of security threats will fall on deaf ears.

In terms of disaster recovery, the word “disaster”, for example, is often associated with low-probability events such as a widespread outage due to an earthquake, flood or act of terrorism, and fails to adequately communicate the prevalence of data loss events.

In reality, however, most downtime is caused by mundane, everyday events such as hardware failure, human error, extreme weather, or power outages. This has become even more the case since the pandemic led to the widespread adoption of hybrid working and working from home. As employees work remotely with increasing frequency, incidents involving employees are on the rise, wreaking havoc on IT environments.

By removing the word “disaster” from conversations with senior management and discussing business resilience in terms of high-probability data loss events, CISOs are much more likely to attract the attention of the C-Suite.

Describe the benefits of business continuity and business growth

While it is important to fully describe and explain the risks of data loss, communicating the benefits of IT recovery will strengthen the case with the C-Suite and, by articulating continuity and growth, will have greater impact and leverage to secure the commitment of additional resources.

Gaining a competitive advantage, meeting supply chain requirements, meeting service level agreements, and meeting regulatory and compliance requirements are just a few benefits to start the conversation. Investigating and providing cost-effective options to improve recovery from downtime can also improve C-Suite uptake; an example is Software-as-a-Service partners who offer different levels of application as a service and charge higher prices for the additional benefits of disaster recovery features. Faster recovery means mission-critical and revenue-generating applications remain operational, but the organization can also turn IT recovery into a revenue generator.

Identify specific solutions

Finally, it is important to recommend the specific applications that require an active recovery plan rather than just outlining where management should spend more money on IT recovery. Pointing to a specific, proven, and comprehensive solution that addresses IT recovery needs not only creates better understanding among executives, but also justifies the investment.

In today’s competitive environment, the consequences of data loss for businesses are dire: downtime, lost productivity, and long-term reputational damage significantly harm the performance and potential of the company. Only by ensuring that an organization has a comprehensive, multi-layered approach to IT recovery can CISOs help improve business resilience against high-probability threats and respond quickly when disaster strikes, whether through loss or theft of data.

Obtaining critical understanding and buy-in from the C-Suite is paramount. Educating them on the impact of data loss on different parts of the business, possible approaches, available products and support partners, and speaking in clear business terms, will provide the knowledge and context needed to secure this critical investment and buy-in.


Dante Orsini is senior vice president of business development, iland
