A Growing Crisis of Value Measurement
Technology, data and cybersecurity teams have long struggled to showcase their value within their parent organizations. The complexity of technology coupled with hard-to-define and easy-to-manage metrics leaves technology teams struggling to showcase their value and execute within a timeframe in which the business can accept the investment and risks associated with the potential return. As the speed of technology-driven change has accelerated, this problem has amplified with technology, data and cybersecurity teams continually working to manage tech debt while being asked to deliver new capabilities in ever-more compressed timelines.
While technology, data and cybersecurity teams can struggle with their value proposition, other key business functions have managed to build tools and shared language to measure and communicate their success. Sales, finance and corporate development have a strong toolbox, including sales budgets, value creation plans, profit & loss statements, GAAP-accounting standards and the rule of 40 that are generally accepted and widely understood. When these tools are employed, these organizations start from the advantage of a shared understanding of their inputs, information formatting, timelines and the standards used to produce them.
The challenge for many technology, data and cybersecurity teams is using abstract cost savings, cost avoidance or return on investment. While the formula itself is not abstract, the elements that come into consideration for the accuracy of the forecast can be used by many non-technology stakeholders to evaluate a plan to determine if it is worthy of their budget investment. When unlocking additional technology investment, the most successful teams will focus on aligning their tasks and timelines to corporate imperatives. This provides visibility across executive leadership and the assignment of investment dollars already allocated for corporate initiatives.
To do this technology, data and cybersecurity teams must leverage tools that can be easily parsed and understood across the organization. I believe the more technology, data, and cybersecurity teams can leverage common business measurement tools, the more effective they will be at showcasing the value they bring to an organization. Some common tools I see being adopted by teams to showcase their investments and align across an organization include:
- Value Creation Plan (VCP) - While VCPs are common within the private equity world, they are highly effective when showcasing investments against a specific asset within an organization. Including governance structures, responsible parties and metrics makes them clear and concise. Using the VCP format and components to showcase technology, data, and cybersecurity initiatives can preempt questions from leadership regarding how an investment will be realized in an organization.
- Generally Accepted Accounting Principles (GAAP) - How a technology, data or cybersecurity team pays for their initiatives is equal to and often more important than how they execute the work. Technology work's impact on a company's bottom line can make or break their financial statements. All technology, data and cybersecurity leaders should be well-versed in the language of the Chief Financial Officer and the company's stated financial objectives. The simplest way a team can positively impact is by ensuring their work is justified, tracked and structured to be capitalized, driving an immediate positive impact on the company's bottom line. Capitalization is one of many considerations in GAAP standards that technology teams should be aware of and consider when planning and executing their work.
Once we align on our tool and communication of value method, we need to adjust the language we use and structure to showcase the value we provide across common technology, data and cybersecurity projects. Showcasing all technology, data and cybersecurity projects through the lens of corporate and business metrics leads to better understanding and acceptance across the business. Some common IT metrics and their business counterparts can include:
- Cybersecurity - "patched vulnerabilities identified over time"
- Rather than patches applied, discuss risk reduction and its impact on the organization for limiting potential losses or repetitional harm. The most impactful cyber organizations are those that look at the holistic threat landscape and apply their investments to the threats that pose the greatest threat of harm, either from misuse, loss of data or fines for non-compliance.
- Data - "number of data sets onboarded to the corporate data platform"
- Instead of focusing on the data contained in a data platform, focus on measuring the adoption of that platform. Report regularly about the number of regular data consumers, the number of reports generated and the business units they support. This turns the conversation from one of building to a focus on adoption. This measure also helps identify business users who can act as organizational champions for the capabilities they value.
- Technology - "average close time for IT incidents"
- Moving beyond simple measurement of ticket times, successful IT teams measure the productivity impact they have. Showcasing how they saved teams valuable productivity, time, and efficiency becomes a powerful statement for investment in resiliency and support capabilities.
Technology, data, and cybersecurity teams often feel doom and gloom when working to gain support and investment. But all is not lost. Organizations see the value data and AI bring to product launches, customer adoption and revenue. It falls to the technology, data and cybersecurity teams to bring their initiatives and investments forward so that other business leaders understand the full scope of impact while balancing endless tradeoffs between limited budget, risk, market forces and organizational change.
Share this
You May Also Like
These Related Stories
No Comments Yet
Let us know what you think