Enterprises rely on security leaders for a lot, but Resolver’s own survey of corporate security leaders conducted last fall indicates they’re dissatisfied with their toolsets. Part of the problem could be these leaders’ professional backgrounds. While typically strong on safety and security, the strengths they bring may not include building the business case for funding their initiatives in a corporate setting. Security leaders can, however, align themselves more closely to organizational goals and gain support to upgrade toolsets—and keep up with evolving threats.
The good news? Skills to develop compelling funding proposals and win support for increasing corporate security budgets won’t be hard to master. This article provides advice to:
- Build support among peers and superiors.
- Attain sponsorship for security technology investment that’s in line with corporate security’s value.
- Navigate the business case development and funding approval procedures like a department budget-setting process common to most corporations.
Security metrics play a significant role in shaping proposals for funding; see our companion post on gathering metrics.
Cultivating Relationships
Alliances are essential to developing programs and getting them funded. Relationships with business unit leaders and functional department heads (think IT and Finance) provide several advantages:
- More insight into how the business operates and creates value.
- A better sense of where weaknesses exist in facilities and processes.
- Knowledge about how funds get allocated within the organization.
- Peer-level support for corporate security proposals.
Mastering the Funding Process
Most organizations have formal processes to allocate funds to the operations and projects of different departments. Businesses typically undergo planning efforts tied to fiscal calendars, and start planning for the following year about halfway through the current one. Usually, organizations provide templates for proposing annual budgets for day-to-day operations and for projects like security technology acquisitions. In addition to a formal proposal document, there will likely be opportunities to present the business case in one or several forums. Often, there’s a template for those presentation slides as well.
- For ongoing operations, budgeting involves reviewing current expenditures, considering changing costs and needs, and forecasting for the year to come.
- For projects, budgeting involves gathering estimates for services, equipment, and other expenses. If your project will deliver tangible assets, calculations might also include forecasting costs to operate and maintain the asset for a period of years.
Your colleagues in finance and information technology can support you through the funding process:
- Finance peers are the authorities on getting funding approvals for operating budgets and projects.
- They can provide analytical assistance to develop budget figures. Decision-makers typically look for return on investment, but allies in finance may help you articulate “value on investment” to shift the perception of security as a cost center to security as a value-added business function.
- Processes to get projects funded typically include reviews with finance, followed by one or more steering committees or even the board of directors. The level of approval you need will vary based on the budget amount. Finance reviewers can get your request into shape for executive reviewers.
- Information technology peers generally understand the disciplines required to manage complex projects.
- As colleagues, they can provide an experienced perspective on your funding request and even collaborate on developing project proposals, especially if your project concerns cybersecurity or a system implementation.
- Borrowing information technology project managers for ongoing assistance isn’t unheard of, if security has none on staff.
(For more assistance communicating your team’s value, download our free corporate security business case presentation template.)
Aligning on Strategy
To fund corporate security programs, consider how security relates to business strategy. You can talk with peers in the business to understand their industries and business models, as well as to recognize the tangible assets and intellectual property they rely on to create value.
Then, you can align your strategies to corporate strategies. Consider what assets and processes are essential to business operations. Allocate your security resources according to the likelihood and impact of risk scenarios.
Aligning to corporate strategy will prepare you to demonstrate how your planned expenditures support business needs. Your proposals can tie back to the risks your department is managing for the organization, describe how your department is managing those risks, and quantify benefits to the business.
Capturing Corporate Security Metrics to Show Value
Metrics are essential to building solid proposals and guiding the evolution of corporate security programs. We’ve devoted an entire post to security metrics data. Here, we briefly list some metrics as important inputs to your funding requests:
- Trends and hotspots
- Losses and recoveries
- Resource management
- Risk reduction and safety
- Root cause analysis
Telling the Story: A Narrative for Corporate Security
Building relationships, aligning on strategy, mastering metrics, and understanding the mechanics of funding requests are all important. In addition, you’ll want to engage decision-makers with a compelling story to communicate security’s value to the organization.
Templates for budget proposals will no doubt include sections to articulate the benefits of each request. Use the proposals to communicate:
- How your request promotes security culture throughout the organization.
- How your request supports security goals through daily, weekly, monthly, and annual activity.
- How the security function elevates awareness of risk preparedness, safety, and security throughout the organization.
- Recent accomplishments of your team—to demonstrate security’s value and effectiveness.
Your messages regarding corporate security’s value are worth repeating: recap the benefits of your department and projects—the same benefits mentioned in the request—in presentations, emails, and even hallway conversations to amplify your value message and build support for your initiatives.
Here’s where security differs from other functions: executives must be made to understand the risks they assume when they decline your funding requests. When corporate security initiatives don’t get funded, security suffers. Be sure to spell out any risks executives will incur by not funding your initiatives. Back these points with data whenever possible.
Making the Request
Most effective requests describe a current situation or problem, backed by metrics. For example:
Corporate security has grown its scope from 100 incidents per year to over 4,000 incidents per year. Administrative activity occupies five percent of overall staff time, which distracts from value-added security activity. As a result, the function struggles to gain insights and report on the effectiveness of our programs.
Describe how the current situation or problem is impacting security:
Corporate security team members spend excessive hours manually capturing incident information. Current tools don’t provide holistic views of incidents, precluding analysis of trends and targeting of hot spots.
Then, describe the value that funding will deliver:
A technology solution to improve incident management and tracking will enable security to identify trends over time and deliver additional insights to measure program effectiveness, support continuous improvement of incident response, and support evolution of security efforts in response to new threats.
Corporate security leaders are dissatisfied with their current tool sets, but funding processes don’t have to be the obstacle to making improvements. By building relationships, aligning with strategy, and mastering metrics, you can articulate security’s value in your funding requests to attain the resources you need to evolve with the threat landscape.
Want to see how Resolver Risk Intelligence Platform might help you better articulate your team’s value? Request a free product software demo today.