Selling Disaster Recovery Planning and Information Security to Managers

One of the most difficult aspects for IT professionals is gaining support for IT spending. Executives are skeptical about IT solutions and are very reluctant to release any funds.

This article will focus on the difficulty encountered when trying to sell information security projects and Disaster Recovery Plan projects to business managers or financial officers.

Why is it that so many managers view IT as an additional component of their business operations?

I can suggest a few possible reasons:

  • Bad experiences in the past
  • IT is viewed as a liability instead of an asset
  • Lack of knowledge, complexity and technical language all deter people from becoming IT fluent and aware
  • Inability to perceive the Return On Investment of any IT-related project
  • Misconceptions about the reality of their current IT situation and state of the organisation
  • Lack of planning: no IT strategy, no roadmap
  • Business plan does not factor in any IT elements or spending

The reality is this. There are two ways to spend money on IT.

  1. You can undertake planned spending OR
  2. You can undertake un-planned spending.

Do you want to allocate $0 to an IT budget forecast and pay as you go along?

Sure, make inaccurate predictions for the next fiscal year that look impressive and then bleed funds from the company’s bank account during the year as incident after incident occurs.

At the start of the year, your predictions look healthy. The balance sheet is in your favour and you have the extra money to buy more assets. During the year, IT costs go from $0 to $10 000 – sometimes overnight – to cater for your unprecedented incidents or minor disruptions. At the end of the year, 5 disruptions later and $20 000 afterward…you’ve moved from point A to?


You haven’t moved anywhere; you have merely saved your information from being damaged and lost completely. (You may also have kept a few IT blokes in employment.)

Let’s look at the other scenario:

  • Add IT spending to your annual budget
  • Have that money set aside
  • Refer to your short-term IT business plan
  • Allocate a set amount for each project you PLAN to undertake for the next 12 months

As the year unfolds, start and finish all proposed projects. All the while, keep an eye on your system and information security. Take notes and start to think about what IT investments might be adequate for the next budget.

Anticipate incidents, disruptions and disasters. Have your disaster recovery documents up to date. Perform test drills of possible scenarios and ensure all employees know how to respond under these conditions.

At the end of the year, you may or may not have encountered incidents. You may have overcome some incidents or identified and addressed others before they affected your organisation. Your IT infrastructure performed as expected but you are planning some upgrades for the next year already.

There are two ways to exist in your environment. You can let your environment impact on you, by dictating when and how much you spend on your organisation.


Or you can impact on your environment, deciding when or if you spend money. Anticipate possible problems before they manifest themselves and plan the future growth of your company. Always one step ahead and stronger than before.

My advice for organisations that don’t currently have an adequate IT infrastructure and are unsure how to spend and invest in this part of the organisation:

  1. Create an IT strategy
  2. Begin an Information Security vision

There are no excuses for not having spent the resources on IT or security. The first is fundamental to your growth, the second is fundamental to your existence and survival.

Another thing to note is that IT is not a cheap expense in business. And it won’t be getting any cheaper (regardless of how fast the price of memory drops). You will spend the money whether you are proactive or not. The difference is “do you want to get quality solutions, or do you want to use that money just getting by, covering patches and quick fixes?”

In summing up, I think organisations need to view IT with a more positive perspective. It always gets treated with less attention, regard and seriousness compared to other areas of a business. It doesn’t have to be just a daunting and negative experience.

The fact is:


Increase your IT spending. Bring the IT part of your organisation up to par with the rest of the business functions. If you don’t, then it will cripple your ability to achieve success regardless of your industry.

To those of you who are proactive and see the need for resilient IT solutions, good on you. For the rest of you that will stubbornly continue with the “IT ON A SHOE-STRING” model, good luck to you.

Feel free to add a comment if this topic is relevant to you or if you have any experiences or advice to share.
