How to Convince Your Higher-Ups the Need for Cyber Security

By Hana LaRock | CEO Best Practices

Dec 08

Every company no matter how big or small, needs a means of protecting their data and systems. Though, while many of us already know this, others have a hard time actually implementing a comprehensive security plan. The whole, “saying it is easier than doing it” kind of thing.

If you’re one of the many individuals who works at a company where cyber security still has not been put on the agenda or evaluated in the budget, it might leave you feeling frustrated every day you’re at work. You’re constantly wondering what could happen to all the important things you’ve been working on or what could happen to the sensitive information of the customers you’re dealing with.

No matter your position in the company, you feel concerned as to why your higher-ups aren’t taking security more seriously. It seems that despite the meetings, the discussions, and even the obvious need for protection, those in power just aren’t budging.

But, you care. So, here’s how to get the leaders of your company to start making moves on the company’s cyber security.

Get close to who is in charge

If you have been vocal about cyber security for a while, it may be that the person you’ve been talking to about this really isn’t the one calling the shots. Often times at larger companies, you have to go through a whole chain of people before you get to the one person that can actually do something. Whether this person is the CIO, CFO, or the CEO, try and get to know them. Additionally, try to get others in your company on board with you.

Organize a meeting based solely on this topic

Meetings at companies are often brief, where the higher-ups try to get the point cross as quickly as possible. There’s little time to bring up other things, or sometimes to even talk at all. Therefore, if you want to bring up the need for cyber-security, it’s necessary that you organize a PROFESSIONAL meeting based solely on this topic. Approach your supervisor and say “Hey, I know we’re really busy, so can you tell me when would be a good time to discuss this issue?”

Have the facts ready

Some companies don’t see the need for cyber security until they are staring a data breach right in the face. As much as you may be aware of the need for preventative cyber security, it’s clear that that isn’t happening. Therefore, you need to take the initiative.

Find out exactly what it is that could be impacted if there were a data breach. Who would be affected? How much would it cost for the company, directly and indirectly? How much of the budget would it really take to prevent something major from happening, and why should employees like you be concerned? Essentially, design a presentation.

If you’re worried that your higher-ups may not see this as any of your business, you may have to start the conversation casually. “Wow, did you hear what happened to (so-and-so-company?) They just had a major, unexpected data-breach, which cost them (this much) money!”

Take care of yourself

Sometimes, people are really stubborn. Unfortunately, even after trying so hard to convince someone, they’d rather go with the “break and fix” model, even if it means a huge risk for a company. What you can do in the meantime, though, is take care of yourself. If you know basic proactive security measures, like running backups on your system, using two-step verification, and being cautious of BYOD policies, use them yourself, and try to encourage others to do the same. It may be a small step, but it will help. 

If after all this it seems your company is finally ready to start talking about security, then contact us at Smeester & Associates. We have the tools and recommendations appropriate for a company who may just be getting their feet wet but may not want to jump the gun too quickly.


How low is your fruit hanging? Is that bear about to eat you or the other guy?

Discover how much risk you’re exposed to and get a complimentary RiskAware™ Cyber Security Scan & Report today!