Every IT professional knows it鈥檚 not enough to come up with an effective security strategy 鈥 you also have to convince your boss to sign off on it. This can be easier said than done. Sometimes otherwise very intelligent leaders just don鈥檛 seem to 鈥済et it鈥 when it comes to the importance of cyber security. Whether you report to the Director of IT or the CEO, here are some quotes to get your boss to finally take IT security seriously.
When Your Boss Doesn鈥檛 Want to Spend the Money
If you spend more time on coffee than on IT security, you will be hacked. What鈥檚 more, you deserve to be hacked.鈥
Richard Clarke, White House Cybersecurity Advisor, 1992-2003
Nobody deserves to be hacked. That said, security is like everything else: you get what you pay for. Use this quote as a reminder for your boss to put their money with their mouth is.
When Your Boss Thinks Security is 鈥淛ust an IT Issue鈥
Thinking of cybersecurity solely as an IT issue is like believing that a company鈥檚 entire workforce, from the CEO down, is just one big HR issue.鈥
Steven Chabinsky, Global Chair of Data, Privacy & Cybersecurity at White & Case LLP
For people in the C-suite, it鈥檚 tempting to compartmentalize everything. But when security is reduced to just the IT department, it鈥檚 a major mistake. Every person at the company is a potential avenue for a security breach, and therefore everyone must be trained and all of their systems secured in order to have any chance at achieving true security.
When Your Boss Doesn鈥檛 Get the Stakes
It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.鈥
St茅phane Nappo, Global Chief Information Security Officer at Soci茅t茅 G茅n茅rale International Banking
Executives and founders have generally been putting in long hours to build their organization over the course of decades. This quote is powerful because it frames the risk of a cyber security incident in terms of those years of hard work.
When Your Boss Thinks There鈥檚 an 鈥淓asy Button鈥
There鈥檚 no silver bullet solution with cyber security, a layered defense is the only viable defense.鈥
James Scott, Institute for Critical Infrastructure Technology
Some bosses think that there should be a single tool or solution that automatically 鈥渢akes care of the security thing.鈥 But there is no silver bullet, no easy button, and no pre-packaged solution for security. True security can only be achieved with a broad collection of complementary tools and daily vigilance from both admins and users 鈥 in other words, a layered defense.
When Your Boss Isn鈥檛 Looking Long-Term
One of the tests of leadership is the ability to recognize a problem before it becomes an emergency.鈥
Arnold H. Glasow, Author & Businessman
Every boss has the desire to be a great leader and that means having great vision. The best leaders see where things are headed long before they arrive and 鈥渟kate to where the puck is going to be鈥 (credit to Wayne Gretzky). You can use the quote above to frame a proactive approach to security as a 鈥渢est of leadership鈥 that they鈥檒l want to pass.
When Your Boss Says It鈥檚 Too Risky
There are risks and costs to a program of action 鈥 but they are far less than the long range cost of comfortable inaction.鈥
John F. Kennedy, 35th President of the United States
Oddly enough, leaders will sometimes find the risk in a security measure. These supposed risks may have to do with wasted time, ill-spent money, and security fatigue. The JFK quote above acknowledges that there are inevitably risks in any action, but they are often worth it.
When Your Boss Thinks You鈥檙e Doing Too Much Already
Security is always excessive until it’s not enough.鈥
Robbie Sinclair, Head of Security, Country Energy, NSW Australia
Has your boss ever told you to just 鈥渞elax鈥 about a certain security threat? Have they bristled at your requests to institute security measures and regular trainings? This quote has an artful way of reminding bosses and users alike why you鈥檙e insistence on following security best practices may sometimes border on excessive. There鈥檚 a fine line between too much and not enough.
When Your Boss Needs a Wake-Up Call
There was this absolutely horrible moment where I realized there was absolutely nothing at all that I could do.鈥
Amy Pascal, Former CEO of Sony Pictures
This isn鈥檛 as much a great standalone quote as it is a window into what it feels like to be the CEO when a major cyber attack occurs. Imagine how Amy Pascal must have felt that morning in 2014 when she woke up and saw Sony Pictures on the news as the victim of a major breach. Fair or not, Pascal鈥檚 career would never be the same again 鈥 and the 鈥榝ormer鈥 in front of her title is likely to speak volumes to your boss.
When Your Boss Thinks They鈥檙e Above The Law
A business will have good security if its corporate culture is correct. That depends on one thing: tone at the top. There will be no grassroots effort to overwhelm corporate neglect.鈥
William Malik, VP and Research Area Director for Information Security at Gartner
Good bosses know that their behavior trickles down to the rest of the employees at the company. They鈥檙e not just making executive decisions, but also modeling culture. But even though most leaders understand this concept, many see security as an exception. For instance, they鈥檒l think that MFA shouldn鈥檛 need to be required on their laptop. When your boss thinks they don鈥檛 need to follow your security rules, use this quote to bring them too their senses.
When All Else Fails鈥
The best way to get management excited about a disaster plan is to burn down the building across the street.鈥
Dan Erwin, Security Officer, Dow Chemical Co.
OK, so obviously we鈥檙e not actually advocating for you to commit arson (and we鈥檙e pretty sure that Dan Erwin isn鈥檛 either). His point is valid though: there鈥檚 no better wake up call then a near-miss. Instead of causing a security incident at the building across the street, find an example of an organization similar to your own that has experienced a painful breach. Sharing that story with your boss will likely make an impact.
More IT Security Resources
We hope that you鈥檝e found these quotes helpful 鈥 and we hope that they convince your boss to begin taking IT security seriously. But we also understand that a pithy quote isn鈥檛 going to do anything to help prevent a cyber attack.
For more practical instruction, we鈥檝e compiled some insights from our security team into a guide called Security Training 101: Employee Education Essentials.
At 探花大神庐, we鈥檙e a company that lives and breathes security every day. Our customers entrust us to unify their identities and provision user access to all of their IT resources 鈥 from their laptops to their apps, files, and networks. So we must hold our practices, our protocols, our employees, and even our bosses to the highest standards of security.
You can learn more about 探花大神 and how our cloud-based directory helps organizations secure their IT infrastructure on our product page. 探花大神鈥檚 security features include system policies, password complexity management, multi-factor authentication, full disk encryption, RADIUS networking, SSH key management, and more. If this sounds useful, request a demo.
