Issue link: https://insights.oneneck.com/i/1476866
1 INTRODUCTION We won't sugarcoat it: executive support can make or break any program within your organization (security-related or otherwise). No support means no budget, no resources, no prioritization. In other words: no program. Security awareness training specifically can have its own set of hurdles. Cybersecurity programs have traditionally focused on software solutions designed to prevent, protect, detect, and respond to attacks. With security awareness training – a very human aspect of your cybersecurity program – the lack of executive support will likely be the deciding factor as to whether it is implemented or not. It's not just essential to ensure that you've got the backing to get the budget you need to create an effective and engaging training program. If the actions, habits, and cyber hygiene of the executive team don't align with the message of your security awareness training program, the entire program can be undermined. For your security awareness program to be a success, the executive team must be convinced that the security mindset and culture created by security awareness training is the right thing for the organization and "talk the talk" and "walk the walk" when it comes to supporting this initiative. Dealing with the complexities of internal politics, as well as gaining and maintaining executive support, can be a significant challenge for a variety of initiatives within an organization. However, this challenge is heightened when it comes to security awareness training, because the training and its impact aren't always clearly linked to an organization's bottom line. So, how do you obtain and maintain the executive support you need? In this whitepaper we'll look at some of the questions you should ask when seeking executive buy-in for your program, as well as some of the things you can do to put yourself in the best possible position to get the support you need. HOW IS YOUR STORY BEING TOLD WHEN YOU'RE NOT AT THE TABLE? Most companies are unlikely to give those seeking to run a security awareness program a seat at the executive table or even an audience to present. As a result, effectively communicating your story to executives and highlighting the true value and benefits to the organization based on what you are planning to do become essential. Here are a few questions to think about to ensure you can do this effectively: • What is the story you're telling and what do you want an executive's takeaways to be when they think about the program? • Do you even know the reasoning behind implementing a security awareness program? (While this may sound a little harsh, if you don't fully understand the whys and wherefores of what you're doing, you're never going to convince your executives!) • Does your story and value proposition make sense in presentation? (That is, if you listened to your own value proposition would it match up with what you are trying to get across? And if not, what are you doing to turn that around?) For your security awareness program to be a success, the executive team must be convinced that the security mindset and culture created by security awareness training is the right thing for the organization.