Introduction - Aaron Birnbaum

Welcome ​@aaronbirnbaum, great to have you here. That is THE burning question, isn’t it?! A few ideas:

-Cybersecurity seen as a cost, not an investment

-Difficulty understanding or quantifying the risks

-Complacency because they haven’t experienced it

-Limited budget and resources

I remember Matt Lee talking about shifting the narrative specifically around the expectation of ROI from their cyber security spend. An investment in cyber security allows a company to avoid a catastrophic event in the hundreds of thousands of dollars, as opposed to seeing some kind of magical return for the dollars spent. This is an important shift.

In recent conversations I’ve been using the concept of a “pre-mortem exercise” which simply asks the question: “it’s a year from now and this thing that we proposed was not done, or failed, what went wrong?“ This allows the customer to put themselves in a future state to understand how they feel about the decision they made (or didn’t).

You could consider piloting a table top exercise with a couple of willing clients, so you have a story to tell about all the ways things can and will go wrong, and this is when there’s actually little risk, data loss, or reputational destruction.

Keep at the relationship building, this will play a major role for your customers’ readiness, or willingness to listen.