During my professional journey as a project manager, I developed several business cases for approval. Most were approved. Some weren’t. Most organisations expected 3 business recommendations, often along with a mandatory 4th one – ‘Do Nothing’ with a deep consequential analysis. As in, what would be the impact if we were not to act as a business.
Today, I lead a cybersecurity professional services firm. When I reflect on that 4th recommendation (Do Nothing) in my current professional practice, I am perplexed at how can ‘Do nothing’ even surface as an option.
To organisations who are considering doing nothing on cyber security matters, I encourage them to reflect on writing a business case. Jot down 5 things that come to your mind as to the consequences of doing nothing.
Here are a few from me:
What are a few of yours?
Let’s reflect. Let’s share our thoughts as we build a culture of ‘cyber security by design’.
And if you are ready to proactively take charge of your cybersecurity, talk to a consultant!