Why you need a business case, even if it doesn’t seem worth it
Showing my work on how to build a business case led to some great conversation on LinkedIn and popular question:
Is it worth it to build a business case?
I get it. Some organizations rely on business cases, while others go through the motions to check a box. Some organizations disregard business cases completely, and it shows.
Do you need a business case?
Yes, you do.
Even if you think building a business case is a waste of time and energy. Allow me to explain.
Calibrate your expectations — then do it anyway (here’s why)
It is important to understand what the organization wants and calibrate your expectations. The mismatch in expectations creates a lot of friction, frustration, and often ends up disconnecting us from our value. We don’t want that, so figure out what they need and want.
That way, you can build a business case that benefits you and use it to give them what they need.
Building a business case is an essential practice for leaders today. Especially security leaders, who want to connect with the business. A good business case offers clarity on business risk and business value.
Get clarity or get friction
Deliver value faster by clarifying the business problem, what success looks like, what’s at stake, expected value, and how the business benefits. A business case captures all of those and explores the approach or options to solve the problem.
Clarity is the fuel for acceleration.
Lack of clarity breeds friction that erodes value, destroys trust, and burns people out. Friction creates frustrating situations with rework and wasted work. As friction builds, our project slows down and everything gets more complex, takes longer, and costs more.
We deliver value when we finish the work.
Think of a business case as a head start on figuring out the path with the least friction and most value.
Where’s the value?
To deliver value, you need to solve the right problems. The right problems always connect to business risk (which differs sometimes from cyber or technical risks).
The key is understanding how solving the problem delivers value. When you can’t tell which problem to solve — or more often, when everything is urgent — use the value exchange to find the true priority.
Clarifying value builds confidence in action.
You can show what you document
An overlooked benefit of a business plan is how it serves as a documented record of the thought process and decision. You can show the business plan to other people. It’s a great way to get everyone on the same page at the start.
But it also helps once you dig in and things get messy, and the approach needs to change. Or maybe the situation changed and you need to adapt. Having the business case allows you to go back to the documented understanding of the problem, value, and approach to make necessary changes.
This allows you to update everyone, adapt the approach and keep your focus on delivering value — with less wasted work, rework, and friction.
Build competence, especially when it gets messy
The best way to learn is to build and follow a business case. Even if it doesn’t work out as planned, you learn how to identify and clarify the right problems, bring people together, figure out the value, and determine the approach to deliver value faster.
This is a skill that increases your value that only comes with intentional practice. And yes, it means your reward is more problems to solve.
It’s always “worth it” to build a business case
Whether you do it for the organization, your team, or for yourself, building a business case is worth it.
The more you embrace the process, the more you learn about risk and value through a business lens. This leads to a reputation as a leader who can clarify business risk for the entire organization, not just for the security or the technical teams.
As you solve the right problems and deliver value faster, your confidence goes up — and you build a strong and necessary connection with the business, earning your seat at the table and making a difference.
Originally published at https://securitycatalyst.com.