One of the challenges with any security implementation is justifying the expenditure. Security technology costs money, but it doesn't produce a direct business return. So how can you convince your management to spend that money? These guidelines and suggestions can help.

If you're lucky, the directive to improve security will come from higher up in the business, which means you'll have more co-operation on securing the required funding. But that isn't always the case.

Sometimes compliance is the entry cost of doing business. If you work in a highly regulated industry such as finance, then there may be specific regulations that mandate a particular security approach. In that context, justifying investment in security shouldn't be too difficult (though you'll still need to be able to demonstrate that you've found an appropriately priced solution and that cheaper alternatives aren't available). Here it helps to be as precise as possible: name the regulation involved and (if necessary) identify the clauses that set out specific technology requirements.

"Would you operate without insurance?" This is the most common justification for security expenditure, and it remains a compelling one. No business expects to actually make money from paying for insurance for its buildings or the safety of its workers; the cost of insurance is a necessary part of risk management.

IT security falls into the same bucket. The main challenge with this argument is that expenditure is generally less predictable, and it's harder to compare options for anything other than the most basic of security approaches. (In that context, it can be useful to list costs on a per-head basis, even if they're not charged that way.)

Incorporate it into a broader mobility or upgrade strategy. While you can't always justify security investment in its own right, mobility strategies can often be cost-justified on the basis of improved productivity. If you can show that everyone will improve efficiency by 20 per cent as a result of new mobile technologies, then the costs of the strategy -- which include the security elements -- will be offset by the improved productivity (and potential wage bill reduction).


    Why no mention of risk? As in the likelihood, impact and cost of the risks by NOT implementing the security.

