Selling Data Protection to the C-Suite

JUNE 5TH, 2017

If you work in IT, you know what’s at stake if your company doesn’t regularly upgrade its data protection solution. But the C-Suite? They don’t always get it.

The C-Suite may look at upgrading its current data protection as an optional insurance policy that they aren’t interested in buying. And if you’re pitching time savings for the salaried IT department as a perk, the C-Suite may not view your convenience as a compelling argument for spending company dollars.

Anyone in the C-Suite who did not advance through the ranks of the IT department may not share your deep understanding of the business’s overall IT needs. So you may need to educate them on the risks inherent in businesses that rely on data and connectivity to function — which, in 2017, is every business.

The business case for data protection is clear

In most cases, the investment to upgrade backup and recovery solutions will pay for itself during the first ransomware attack or site disaster. A Texas healthcare network that uses Arcserve’s UDP Appliance, successfully faced down four ransomware attacks within an 18-month period. Some of those attacks were so severe, affecting so many aspects of the system’s data, that a recovery effort without Arcserve’s backup utility would have cost at least $50,000.

To win over skeptical members of your company’s C-Suite to fund necessary upgrades to your data protection solution, it helps to get your CIO or director of IT on board with the plan. You can do this by equipping them with all of the latest information about the risks, benefits, recovery times, and costs of upgrading compared with the status quo. As a team, you can help shift the conversation from focusing on the cost of the upgrade to the greater potential cost of not upgrading.

Here’s how to build a compelling argument to prove the need for additional investment in data protection.

Discuss threats to your data

Any business that does not have an adequate data backup and recovery solution is leaving itself open to a ransomware attack or to incurring massive losses from a site disaster — not to mention the ordinary, everyday impact of human error. Ransomware attackers only restore data in about half of cases where they receive payment, and in some of those cases, the businesses only receive partial or corrupted data. So, in addition to the loss of the ransom, businesses without adequate backup and recovery solutions still face the task of recreating data or starting over.

And if losing your own critical business data isn’t enough, depending on your industry, you may face regulatory scrutiny following an attack concerning your data protection policies. If regulators find that your negligence in protecting your data and your customers’ data exposed your customers to attackers — think about healthcare organizations and anyone that processes credit cards — you could face serious damage to your business reputation.

Evaluate your current data protection solutions

The constant need for upgrades to software and hardware in IT can feel like a drain on the organization in the face of other competing expenses. A CFO may look at the upgrade from three years ago and consider it “good enough” unless you make clear exactly what outcome the business would most likely face in the event of an attack.

Under the current setup, recovery might be so slow that it would cripple the business for a week. Some data might still be lost because of inadequate storage or infrequent and unsuccessful backups. Every hour that servers are down after an attack could result in lost productivity and lost sales. How will the business be impacted if the electronic doors won’t open? If the credit card machines are offline? How will your sales team function for a week if they can’t access the data in their customer-relationship management software?

An upgrade to the business’s backup and recovery solution could dramatically improve recovery time, mitigating all of these risks. If you can estimate the amount of money that would be lost in such an attack from both recovery efforts and decreased productivity, you’ll be able to present a more compelling argument.

Take a big picture, business-level view of IT investment

IT impacts every facet of a business, from performing daily communication, to maintaining client records, to conducting transactions with point-of-sale equipment. IT is no longer just an expense. In most businesses, it forms the foundation of the entire operation. An IT department that wastes hours each day performing backup routines that could be automated, for example, is an IT department that invests less time identifying efficiencies and process improvements in other areas of the business.

Lost time in the IT department is not just an inconvenience, it’s a drain on the whole organization.

Reduce costs when you apply the right level of protection to each type of data

Every business faces the risk of data loss. But that doesn’t mean every type of data requires tight RPOs and RTOs, which can drive up costs.

Some applications are critical to business operations 24/7, like point-of-sale applications, while others are less of a priority to recover quickly. Your marketing team can probably survive without access to its brochures for several days, for example.

By categorizing your data by RTO requirements, you can adopt a mix of good, better, best solutions to optimize your budget.

Take a strategic approach to get your C-Suite green light

Convincing the C-Suite to invest in data protection is simply a matter of pitching the bottom line outcome of taking action versus not taking action. Yes, it hurts to spend money in order to save money, but the risk of leaving data unprotected is a risk that no business can afford to take.