# Security Budgets: How To Get Your C-Suite's Attention

By [Rick Howard](https://www.paloaltonetworks.com/blog/author/rick/?ts=markdown "Posts by Rick Howard"), Jan 27, 2014. Filed under [CIO/CISO](https://www.paloaltonetworks.com/blog/category/ciociso/?ts=markdown), [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown).

During annual budget negotiations, there is always a question about spending priorities. As a security professional, I have found that if you want to get the executive suite's attention, you have to frame your security budget proposals in terms of real business risk.
You don't want bogeyman-style, fear, uncertainty and doubt (FUD)-driven presentations, but you do want an honest evaluation of the true risk of a cyber event to the business. Don't make these presentations too technical, at least in the beginning. You have to get your executives' attention first, or else you'll wear them down with geek-speak long before you get to explain your pet project.

I always begin with what I call the Business Heat Map. Most mid-to-large-size businesses have some form of this graphic to present to the Board of Directors on a regular basis. It usually shows the Top 10-15 business risks to the company on a grid. The X-axis shows how likely it is that the threat behind each risk will actually occur, usually presented as a range from "Remote" to "Almost Certain." The Y-axis shows the impact to the business if it does occur, presented as a range from "Very Low" to "Material" impact.

Your first battle is to make sure that cybersecurity risks make that Top 15 list. In other words, you're not even in the budget conversation unless the C-Suite acknowledges that there is actual business risk from a cyber vector, alongside the other risks that cause them concern: pending lawsuits, M&A activity, loss of reputation, and so on.

**Explaining Cybersecurity As A Compelling Risk**

Once I've established cybersecurity as a compelling risk, I like to build a Cyber Risk Heat Map just for that category, showing all of the cybersecurity risks that you and your team are tracking. Again, this discussion with your budget makers shouldn't be technical; it is an overview, explained for an executive audience. We are not trying to show the 1,000 potential ways that an adversary can get into the network. We are trying to show the C-suite who the adversary is.
A good way to start is by putting the most likely cyber adversary motivations on the heat map:

* Cyber espionage
* Cyber crime
* Cyber hacktivism
* Cyber terrorism
* Cyber warfare
* Disgruntled employee

I would cheat a bit and add "insider threat" to the map, because the question always comes up. It's a cheat because an insider threat can come in the form of any of these cyber adversary motivations; it's really more of a tactic than a "motivation." But if you add it to the list of what to explain, you'll head off questions about your chart.

Where you place these adversary motivations on your heat map is likely to differ depending on your business sector. A financial services business, for example, might place cyber crime high and to the right on the heat map, whereas a manufacturing business might have it low and to the left.

It's helpful to provide at least one real-world, preferably recent, example of each of these adversary motivations to show what the cost was to the business. A few years ago, for example, a [disgruntled employee at Steven E Hutchins Architects](http://www.foxnews.com/story/2008/01/24/angry-employee-deletes-all-company-data/) destroyed seven years of customer data as well as the backup data. It cost the business $2.5 million to restore it.

The cyber adversary motivations that migrate to the top right of your Cyber Risk Heat Map are the risks you are trying to reduce. When you put Cyber Risk in the Top 15 of the overall Business Heat Map, the cyber adversary motivations in the top right of the Cyber Risk Heat Map are what you are referring to.

**Explaining Mitigation**

The next step is to show how you, as the security professional managing the infrastructure, mitigate those risks. Again, this is not a technical discussion; it's an approach. I'd begin by discussing the Cyber Kill Chain. Regardless of the motivation, every adversary has to follow the Kill Chain approach into your network to be successful:

1. Recon to find vulnerabilities in the company's defense.
2. Develop a weapon to leverage any vulnerabilities found.
3. Deliver the weapon.
4. Install the weapon.
5. Establish Command & Control.
6. Deliver and install the malcode package that will accomplish the task: steal credit card numbers, steal PII, destroy data, damage equipment, etc.
7. Exfiltrate stolen information, if that is the goal.
8. (Optional) Compromise more computers laterally.

Adversaries have to be successful at all seven links in the Kill Chain to accomplish their overall objective. The defense, however, only has to be successful once in the Kill Chain to stop them, so a good strategy is to place mitigation controls at each level of the Kill Chain and monitor for activity. Palo Alto Networks solutions address each step in the approach, from our enterprise security platform's [increased visibility into applications, users and content](https://www.paloaltonetworks.com/products/features/policy-control.html) to the extended [malware detection capabilities found in WildFire](https://www.paloaltonetworks.com/blog/2014/01/pan-os-6-0-wildfire-delivers-breakthrough-visibility-unknown-malware-zero-day-exploits/). (I urge you to get caught up on all the [advanced features we just released as part of PAN-OS 6.0](https://www.paloaltonetworks.com/products/newinpan-os.html).)

At this point, it's useful and illustrative to show examples of adversary activity down the Kill Chain for the past year; in other words, how far the attackers got down the Kill Chain and what we did about it. I'd close by evaluating the strength of our controls at each level in the Kill Chain. If I did everything correctly and pleaded my case, the weakest link in our Kill Chain defenses should be precisely the pet project that I am pushing in this year's budget.

**Conclusion**

The process I described allows security practitioners to clinically evaluate the risks to the business.
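The Kill Chain review described in the mitigation section (how far each of the past year's intrusions got before a control stopped it, and which link is weakest) can be done as a small tally rather than by eye. The Python below is an added example, not code from the post or from Palo Alto Networks; the incident records, the per-link control inventory and the `min_samples` threshold are constructed assumptions. It models the seven links the post says an adversary must complete (the optional lateral step is left out to match that count), treats an intrusion stopped at link k as having been active at links 1 through k, and reports the stop rate per link, any link with no control deployed, and the weakest covered link.

```python
"""Kill Chain control-strength review over a year of incident records.
Added example, not from the blog post; all incident and control data
below is constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# The seven links the post says an adversary must complete. The optional
# eighth step (lateral compromise) is left out to match that count.
KILL_CHAIN = ["Recon", "Weaponize", "Deliver", "Install",
              "Command & Control", "Deliver/Install malcode", "Exfiltrate"]

# Hypothetical control inventory, keyed by link index. Weaponization
# happens on the adversary's side, so this sample defense has nothing
# deployed there; the report flags it as an uncovered link.
CONTROLS: Dict[int, List[str]] = {
    0: ["perimeter scan blocking"], 1: [],
    2: ["mail filtering", "URL filtering"], 3: ["endpoint anti-malware"],
    4: ["outbound C2 signatures"], 5: ["application whitelisting"],
    6: ["egress DLP"],
}


@dataclass(frozen=True)
class Incident:
    name: str
    # Link index at which the defense stopped the intrusion, or None if
    # the adversary completed the chain and it was found after the fact.
    stopped_at: Optional[int]

    def furthest_stage(self) -> int:
        return len(KILL_CHAIN) - 1 if self.stopped_at is None else self.stopped_at


# Constructed incident log for the review period (names are invented).
INCIDENTS = [Incident(n, s) for n, s in [
    ("external-scan-01", 0), ("external-scan-02", 0), ("external-scan-03", 0),
    ("spearphish-finance", 2), ("spearphish-hr", 2), ("malicious-attachment", 2),
    ("spearphish-exec", 3),
    ("drive-by-download", 4), ("usb-drop", 4), ("malvertising", 4),
    ("contractor-laptop", None),
]]


@dataclass(frozen=True)
class StageReport:
    stage: str
    reached: int    # intrusions that were active at this link
    stopped: int    # of those, how many the control at this link stopped
    covered: bool   # whether any control is deployed at this link

    @property
    def stop_rate(self) -> float:
        return self.stopped / self.reached if self.reached else 0.0


def review(incidents: List[Incident],
           controls: Dict[int, List[str]] = CONTROLS) -> List[StageReport]:
    """One StageReport per Kill Chain link, in chain order."""
    reports = []
    for idx, stage in enumerate(KILL_CHAIN):
        # An intrusion stopped at link k was active at links 0..k.
        reached = sum(1 for i in incidents if i.furthest_stage() >= idx)
        stopped = sum(1 for i in incidents if i.stopped_at == idx)
        reports.append(StageReport(stage, reached, stopped, bool(controls.get(idx))))
    return reports


def uncovered_links(reports: List[StageReport]) -> List[str]:
    """Links where no control is deployed at all."""
    return [r.stage for r in reports if not r.covered]


def weakest_link(reports: List[StageReport],
                 min_samples: int = 2) -> Optional[StageReport]:
    """Lowest stop rate among covered links that enough intrusions reached;
    ties go to the link more adversaries actually tested."""
    candidates = [r for r in reports if r.covered and r.reached >= min_samples]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (r.stop_rate, -r.reached))


if __name__ == "__main__":
    reports = review(INCIDENTS)
    for r in reports:
        print(f"{r.stage:<26}{r.reached:>8}{r.stopped:>8}{r.stop_rate:>7.2f}"
              f"  control: {'yes' if r.covered else 'NONE'}")
    print("uncovered links:", ", ".join(uncovered_links(reports)) or "none")
    weakest = weakest_link(reports)
    if weakest:
        print(f"weakest covered link: {weakest.stage} "
              f"({weakest.stopped}/{weakest.reached} stopped)")
```

Run it as a script to print the per-link table. The weakest-link rule deliberately ignores links that fewer than `min_samples` intrusions ever reached, so a single late-stage incident does not crowd out a link the adversaries tested many times. In the constructed data, four of the five intrusions that reached Install got past the endpoint control, which is the kind of gap the post says should line up with the year's budget ask.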
For example, cyber hacktivism is a very scary thing, but perhaps the impact to the business, if it were to happen, would not be material. It might be serious, but it could still sit toward the lower end of the range, depending on your business sector and who your customer base is. So take a prescriptive approach. Instead of trying to convince the C-Suite to spend money on cyber defense because, you know, it is cyber and it is scary, you can show them exactly what they are spending the money for and why it's important.