Greater scrutiny on margins means earning the green light on preemptive projects that don’t produce immediate ROI, such as disaster recovery, a tough sell. Here’s how CIOs can make the case. Credit: Jacob Lund / Shutterstock It’s common knowledge among CIOs that disaster recovery investments are always de-prioritized by company boards — until disaster strikes. But disaster recovery is just one example of projects that are of an important and preemptive nature that CIOs want to fund but find de-prioritized when it comes to budget approval. Others include preparation for zero-day attacks, almost anything having to do with data stewardship, as well as IT training and social engineering audits. Worse, when budgets tighten, such projects become all but forgotten at the board level, even though the underlining issues remain, likely to compound with inattention. And 2024 looks to be that kind of year, with John-David Lovelock, distinguished VP analyst, reporting that “IT spending will be driven by more traditional forces, such as profitability, labor, and dragged down by a continued wave of change fatigue.” With greater scrutiny on margins and ROI, CIOs must spend wisely, making today’s economic environment a more difficult one for selling preemptive projects that don’t produce immediate ROI. Despite these challenges, having an up-to-date disaster recovery plan that works and guaranteeing a robust network, security, and systems support framework for new business directions are foundational elements of IT that can’t be ignored — and should be funded. So, how do you go about gaining support for projects that seem to offer so little in terms of tangible, immediate returns? There’s a trick to this, and it’s one that, ultimately, your organization will thank you for. Here are three strategies for getting it done. 1. Invoke the what-if fear factor Preemptive project funding and prioritization usually falls short because of other, more pressing project priorities that are pushed forward because the likelihood of the preemptive event happening is small. When this happens, corporate risk is heightened as preemptive projects get delayed — sometimes for indefinite periods of time. CIOs can change this thinking by incorporating preemptive projects like disaster recovery into their corporate risk management strategies. What if, for example, your company’s IT is brought down by a denial-of-service attack, or by a ransomware demand from a hacker asking for millions of dollars in payment before your systems are unlocked? Even if these events don’t occur, what kinds of premiums are you likely to pay your corporate and cyber-liability insurers when they read your latest audit reports and see you haven’t updated your disaster recovery plan or invested in hardening your network security for over two years? The average cost of a data breach is $4.64 million, and in 2022, two out of three midsize companies experienced a ransomware attack, so disaster recovery and corporate security are serious matters. Preemptive project investments most often needed in these areas are: updates to disaster recovery plans, and provisions for testing those plans to make sure they work; mechanisms for failover, whether to another data center or to a cloud; investments in security software, hardened systems, and zero-trust networks; and IT staff training and/or staff additions. 2. Bundle IT infrastructure needs with corporate strategies If the corporate plan is to decentralize operations by bringing on remote manufacturing plants, or by moving more employees to remote home offices, it is likely to have an impact on IT. Yet, when remote facility plans, such as employee home offices, are conceptualized, their ROIs focus mostly on savings due to the reduced square footage needed for leased office space. When plans for decentralized manufacturing are unveiled, the ROIs usually project reduced taxes/labor costs or reduced shipping costs because the new plants will be located proximate to raw materials needed for manufacturing. What the ROI calculations tend to overlook are the increased costs associated with extending IT networks and systems to more edge locations — and ensuring that security is robust. When these additional costs appear, the original ROI prognosticators get unhappy. CIOs can prevent this from happening by participating at very early stages in corporate decentralization plans so that the costs of additional IT enhancements can be baked into estimates before ROIs are calculated. The IT enhancements likely to be needed include zero-trust networks and equipment, additional security and observability software, more bandwidth, and even SASE (secure access service edge). 3. Embrace metrics to emphasize the importance of training Often the first category to fall on the budget battlefield, training for IT staff and end-users is an important investment — and one that is hard to recognize in terms of tangible results besides expenses. Yet without training, both IT and end-users are ill-equipped to move forward with new technologies that the company needs. You can’t calculate ROI in customary ways when it comes to training — but you can raise awareness in the company about the risks of not having employees trained to do their jobs. Important metrics to consider for training investments are employee retention, employee growth, and the costs of bringing in talent instead of growing it yourself internally. In 2024, LinkedIn surveys show that half of all Americans want to change jobs. The cost of replacing an employee is running a high as six to nine months of that employee’s salary — not to mention the possibility of project delays or the adverse impact on employee morale. CIOs need to point this out to the board, to the CEO, and to other C-level executives. In other words, how much business risk does your company run if it can’t find (or train) employees into the jobs it needs to be done? Related content opinion The cyber pandemic: AI deepfakes and the future of security and identity verification Attackers have seen huge success using AI deepfakes for injection and presentation attacks – which means we’ll only see more of them. Advanced technology can help prevent (not just detect them). By Aaron Painter May 02, 2024 5 mins Artificial Intelligence Security brandpost Sponsored by Cisco Transform the modern data center: From today to the future Embrace agility, elasticity, and cognitive intelligence capabilities for a data center strategy that’s performance-ready and sustainable for the future. By Murali Gandluru May 02, 2024 4 mins Networking brandpost Sponsored by TCS and Microsoft 5 keys to optimizing ROI on your Cloud Center of Excellence 5 keys to optimizing ROI on your Cloud Center of Excellence CoE adoption is on the rise – but success means evaluating relevance, staying connected, building a strong team, continuous innovation, and transforming culture. By Tata Consultancy Services May 02, 2024 2 mins Manufacturing Industry Cloud Computing brandpost Sponsored by TCS and Microsoft Best practice advice for improving productivity while maintaining security The modern “borderless workplace” requires a new strategy. Microsoft and TCS are answering the challenge with innovation solutions. By Tata Consultancy Services May 02, 2024 1 min Manufacturing Industry Microsoft Cloud Computing PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe