With IT budgets on the rise, and the average company spending 5% of its revenues on IT, according to one study, billions of dollars are being spent each year on IT procurement.
As an IT professional, your job may involve not only determining which solutions are right for your company, but also communicating those needs to senior management. But with the amount of marketing hype and information (not to mention potential misinformation) coming from product vendors and the media, this often becomes a daunting task. Many times, senior managers fall back on fear and other emotions when considering IT purchase decisions, rather than relying on empirical evidence.
We’ve spent the past three years examining the many ways in which businesspeople misinterpret information and identified four tactics that may help you keep your leadership team focused on the data when it comes to IT procurement:
1. Understand the power — and danger — of emotions. Your CEO walks into your office one morning and asks what you’re doing about data breaches. He’s worried that 90% of companies say they’ve been hacked, and that there have been more than 75 publicly disclosed data breaches that involved 1 million or more records in the past decade.Or perhaps he’s concerned about the current ransomware threat that is disrupting entire businesses by encrypting their computer systems and forcing firms to pay for the decryption key.
Security is an emotionally charged, top-of-mind issue, whether it’s ransomware, credit card theft or state-sponsored hacking, and product vendors often use this fear to try to make a sale. But just because high-profile security breaches make headlines doesn’t mean that your company is a likely target for those types of attacks. Are you a global bank, or a corner doughnut shop? Do you have PII, PHI or other data that hackers want? What is the likelihood of getting hacked for your company, and what are the most likely methods? If there is a security breach, what is the risk for your company? Will your CEO see the threat as more manageable if he realizes that known vulnerabilities may be a top cause of exposure to data breaches?
It’s important to separate the fear from the data and take a close look at the facts. For example, that claim that 90% of companies say they’ve been hacked is based on self-reported data from a Web-based survey. By accurately predicting the true risk, magnitude, source and target of potential hacks, you can work with your CEO to focus your security efforts more effectively.
2. Use data to counteract preconceptions. Cloud computing can offer a wealth of benefits, from lower costs to greater flexibility, availability and scalability. And yet your organization’s leadership may be concerned about putting the organization’s data and resources in a location they cannot visit. Why? While some people may question the security of data in the cloud, consider the emotional factors at play. Many people simply have difficulty putting their trust in something that they cannot see or touch. You may not share these feelings with your managers, but it’s important to acknowledge them — and focus on the data — in order to build consensus and make your case. What are the availability metrics for compute and storage solutions? How do the security protocols and controls of the cloud provider compare to those you follow on-premises? Getting data that directly addresses these questions may help overcome any emotional resistance.
Sign up for CIO Asia eNewsletters.