IT staffs use fear to sell security

* Survey says IT managers use fear to persuade execs to increase security

Here's an interesting result from a survey by firewall/VPN appliance vendor WatchGuard: fear, uncertainty and doubt are a good way to sell security to upper management.

The survey of 150 customers of the company's security service says that the most popular method (49% of respondents concurring) to successfully persuade decision makers in their organizations to increase security fell into the fear bucket, playing on concerns that something bad might happen if they don't.

Fear is a powerful motivator, but not necessarily the one that should rule the day. Security decisions should be made on realistic assessment of a threat, the cost of being successfully attacked and the cost of shoring up protection against the attack.  Encouragingly, this was the second most popular response, with 30% reporting that this rational assessment was the type of argument that was most persuasive. Of course, that still leaves an awful lot of people ruled by fear.

Despite this finding, the businesses polled seemed to have their heads on straight about taking security seriously and acting accordingly. The survey found that about half of the respondents said that their bosses change practices in response to security concerns raised by their IT staff either most of the time or always.

The other half said their concerns result in altered practices about half the time or less. A surprisingly high 12% of those polled said their concerns never resulted in change. Assuming the concerns raised are legitimate, it seems that these 12% are doomed to be persuaded the hard way - suffering a successful attack.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:
Now read: Getting grounded in IoT