Let’s talk end of year!
Cybersecurity budgets vary across businesses, with some spending millions of dollars each year and others only a small fraction of that. But no matter the size of your client’s cybersecurity budget, there are a few key steps you can take to make sure it’s effective.
Help Your Clients Identify Their Budget
The first step is to identify their budget. The price of cybercrime is different for every business, but there are a few factors that you should consider when creating what their expected spending will be.
Percentage cost to the business if a breach occurs due to cybercrime.
This method calculates how much it would cost if they lost 10% or 20% of their information due to a breach. While it is harder to put a dollar amount on a breach, they must consider factors like reputational damage as well. Our Breach Cost Calculator can help to provide insight into those numbers. If you’re a Breach Secure Now Partner, you’ve also got access to your own branded Breach Cost Calculator landing page!
Also, identify what is their annual spending per employee today – and how does that align with what they should be spending to protect their organization? Ongoing cybersecurity awareness training should be looked at as a necessity for every organization to keep employees well educated on current threats and best practices. Breach Secure Now’s white-labeled ongoing training programs make it easy to keep organizations educated, regardless of their budget. And, you don’t have to worry about keeping up with new content to identify and discuss threat trends – we’ve done the work for you!
Security Risk Analysis
Another important factor to consider when creating their budget is a security risk analysis – do they have any industry or business-specific needs that may vary from the standard? Do they fall under compliance requirements that mandate them to perform an annual Risk Analysis? Performing an annual Security Risk Analysis is an important way to identify security gaps and prioritize what issues need to be remediated immediately and what items can be put on hold.
Review Past Mistakes
Looking back on what they could or should have done different is also important. This pertains to both mindsets as well as budgets. Having a response plan is essential, but also consider if they did not have tools or resources that would have been helpful in mitigating the risk or response to a previous breach? Be sure to factor these into their budget and that they realize the cost of not addressing it in a future incident.
Current Known Needs
Identify the items that you know your clients will need within their cybersecurity budget. Software and hardware updates are the obvious items but do not overlook the intangible items such as training and response plan resources that should factor into allocating monies. If a breach occurs, do they have a public relations firm on hand or will they need to hire one? What about legal representation? As an MSP, do you have contacts that can assist your clients in this situation? If so, what are the rates to retain or hire them?
Roadmap for the Future
Ideally, they will have the budget to do everything that they need to do annually. But if not, review how the planned budget matches up with their ideal budget and make changes to allocate the funds over time, placing priority on the items that carry the greatest risk to their business.
Mistakes to Consider
Don’t take the peanut butter approach! This means that they should not spread funds equally across the board. The risk varies across a business’s components, and they don’t want to “spread it too thin” everywhere, creating not enough coverage where it is needed.
Don’t go complacent! You’ll discuss a budget with the client, but then they will never take action. What happens is that they get comfortable in this zone, and then when they are hit with a breach, they will think back on what they should have done. Unfortunately, it’s too late at this point and the best they can do is to minimize the damage.
Hold your clients accountable and ask them to sign off on the proposed budget and plans, or to conversely sign off on holding you accountable if they don’t go with your recommendations. This can seem aggressive, but you will be the first call and the first to blame if things go awry.
Do These Things
Get management on board. You will face challenges getting things approved, but by showing the potential loss and likelihood of not surviving a data breach, they will hopefully realize the importance of creating and implementing a cybersecurity budget. In today’s business landscape, it must be part of the plan every day, not just when risk increases for a known reason.
We have many resources available to you as a Breach Secure Now partner if you’re not sure how to position yourself as part of their solution to helping keep their business proactively protected. If you need assistance, we’d be happy to help!