Reading Time:  2 Minutes

I live in San Francisco and really enjoy partaking in all things tourist-related. It was during this year’s RSA Conference that I uncovered a new hidden tourist attraction – the San Francisco Cable Car Museum – a real gem that could teach us a lesson about selling data protection strategies to business managers.

Anyone who has visited or has the good fortune to live in San Francisco will tell you that it’s the cable car that single-handedly puts San Francisco on the map (well, that and the occasional earthquake).  If you’ve visited, you’ve probably had the opportunity to ride up and down the vast hills of the city on one of these cable cars.

According to the legend, the idea for the cable car was brought to San Francisco by Andrew Smith Hallidie back in 1869 after witnessing horses being whipped while they struggled on the wet cobblestones. The horses slipped and were dragged to their death inspiring Smith Hallidie to improve this horse-drawn system of transport.  While this treatment of horses may have seemed inhumane, it alone was not enough for the idea of the cable car to really take off.  What was the real advantage?  Eradicating the smell of the horses, hay and manure that was littering city.  Removing the smell – and not necessarily saving the horses – turned out to be a key selling feature of the cable car.

Later in this century the expense of the cable car was challenged and an argument was made to discontinue it for the more cost-effective bus system. In response, a public campaign showed the value of cable cars to San Francisco was far greater than their operational cost.  The value of the cable car won and today remains the world’s last permanently operational manually-operated cable car system.

Keep this example in mind the next time you need to sell your data protection strategy to your management.  I encourage you to think about what will “smell the most” when you fail to protect data. What will be the tipping point to sell your data security strategy? Cost of a data breach? Lost business from destroyed customer trust? The key selling point will most likely be different for different organizations — and could be something unique to your business.  Be sure to include an analysis of the potential costs of a breach and lost business from destroyed customer trust (the real smell that gets management’s attention).  To help you get started, we’ve created some worksheets that are available in our Data Breach Prep Kit.

At the end of the day, its up to us to sell the value of data protection and build the business case to show the value of protecting customers is far greater than the operational cost of protecting data.  By the way, the operational costs of data breach are growing, so now more than ever it makes sense to protect customer data.  If you’ve been discouraged from past discussions with your management, I encourage to take another look at the costs again.  And, if you want a “cheat sheet” for building a case for data protection, here is a recent webcast I did for ISC2 that you can watch at your convenience.  Best of luck!