We’re getting it wrong on the messaging for incentives to do security - and people are pretending it’s landing when it isn’t. There are 5 main categories of security incentives:1. Loss avoidance. The problem is many losses don’t outweigh the potential accumulated actual or opportunity costs of the mitigations that would have been needed to avoid the loss.2. Reputational risk / brand protection. The problem is most people forget these issues, and are acclimated to it (e.g. identity ...| Risk and Cyber
Unless you’re doing continuous or quarterly budgeting, which some organizations do, then you’ll no doubt be getting ready for the long haul of the annual budget process to seek the resources you need for your 2024 goals and, perhaps more importantly, to ensure that all the teams around your organization have the planned resources (people and budget) to do all what they need to do. This is one of the core disciplines of security leaders at all levels from sub-team to the whole organization...| Risk and Cyber