How CISOs can forge the best relationships for cybersecurity investment
In turn, applying a business mindset helps CISOs achieve budget goals and greater satisfaction when day-to-day security operations are in sync with the strategic goals and priorities of leadership, including the board. CISOs who lead security programs viewed in the context of business risk are more likely to be satisfied with their budget when this alignment is in place, according to the IANS report.
However, in practice, CISOs can find themselves facing a critical paradox, according to Richard Watson, global and APAC cybersecurity consulting leader at EY. On one hand, the board can express a low appetite for cyber risk, but on the other hand, management might be saying there’s a need to cut a certain percentage from the budget. “These are almost irreconcilable positions, yet I see a number of CISOs struggling with this paradox,” Watson says.
While the CFO is a key stakeholder due to their budget management role, in these kinds of situations, Watson says it’s important for CISOs to highlight these contradictory objectives and look to natural allies to help build support for their budget.