IT managers scare execs to win bigger security budgets

Administrators in small and medium companies have resorted to scare tactics in an attempt to make senior executives take security more seriously, according to a survey published by WatchGuard on MondayNetwork security specialist WatchGuard conducted a survey of network administrators and IT managers from around the globe to find out how they persuade senior management to change their company's security practices.

Administrators in small and medium companies have resorted to scare tactics in an attempt to make senior executives take security more seriously, according to a survey published by WatchGuard on Monday

Network security specialist WatchGuard conducted a survey of network administrators and IT managers from around the globe to find out how they persuade senior management to change their company's security practices.

The results showed that almost half of respondents found that presenting the management with stories to fill them with fear, uncertainty and doubt (FUD), was the best method.

According to the survey, the FUD factor was raised by "presenting worst case scenarios involving confidentiality breaches, lost customers or liability charges to justify investments in information security technology".

The survey also found that "an encouraging" 30 percent of respondents used more traditional methods of persuasion such as presenting the board with "rational facts, cost-based analysis, productivity statistics and industry articles".

However, 51 percent reported a relatively healthy relationship with their management and admitted that any changes in security practices were based on their recommendations "most or all of the time".

Mark Stevens, chief strategy officer at WatchGuard, said the survey reveals there are huge differences in the way smaller companies deal with IT security.

"SMEs vary greatly in their approach to security. Despite high profile attacks and regulatory pressure, a strong security-conscious culture is still not second nature to all organisations," said Stevens.

Stevens said that to minimise a company's exposure to attack it is imperative that administrators have the full support of their senior management.

"To protect against the threat of attack, executive sponsorship is critical. Organisations need to adopt an approach that incorporates not only technology solutions, but ongoing user education as well as development and enforcement of security policies," said Stevens.