Experienced a Breach?
|
Support
|
Contact Us
|
+1 855 426 3983
Blog
/
Cyber Resilience
Aishwarya Ramani
Sr. Solutions Marketing Manager
Illumio Editorial
November 6, 2025
23 min. read

3 Practical Ways to Win Buy-In for Your Cybersecurity Projects

Recently, I talked with the security team at a large financial institution who were ready to implement a new platform. They’d built a rock-solid business case, outlined clear risks, and mapped it all to their security strategy. They were ready to roll.

And then came the real problem they hadn’t anticipated. Team dynamics.  

After all, they’d heard, internalized, and implemented all the good advice on the street. They focused on the business problem. They made it about the larger picture. And yet, they couldn’t get their colleagues in networking to march to the same tune.  

It started with a networking lead pushing back: “Why are we bringing in new tools when we still have licenses with this other platform?”

Bringing in the finance angle is like the opposite team playing the Draw 4 card in a game of UNO. You now have to hop through extra, unexpected hurdles to get the project started that can keep you from accomplishing your goal.  

Cybersecurity projects sometimes fail because of weak tech. But often, they stall out because teams don’t see eye-to-eye, leaders don’t stay engaged, and the broader organization doesn’t understand why any of it matters in the first place.

If you’re trying to get buy-in for a security initiative, let’s talk about how to actually move the needle.

The most common cybersecurity project buy-in blocker

Cross-team pushback is the top (and most frustrating) blocker for cybersecurity initiatives.

Every team in your organization has its own roadmap, budget, and incentives. Your security project, no matter how business-critical, can feel like a detour to someone else.

It could be that your proposal overlaps with tools they already bought (even if no one’s using them), or perhaps they’re worried your new system will break theirs. New projects are an added resource overhead, which the other team might just not be ready for at the moment.  

These conversations can get messy fast, not because the technology is wrong, but because it bumps up against other teams’ priorities, plans, or power dynamics.  

Sometimes it's about control, but often it can be about timing. Sometimes teams can get stuck in self-preservation mode. This siloed thinking often slows down progress.  

Why executive sponsorship is especially important

The common theme that emerges in most conversations I have with Illumio sales representatives or our customers with successful implementations is leadership buy-in.  

Getting leadership endorsement isn’t just about checking a political box. It sets the project’s tone for the entire organization.

When leadership publicly backs a cybersecurity initiative, it creates momentum. It tells the organization that:

  • This project matters.
  • We’re serious about long-term resilience, not short-term band-aids.
  • Teams are expected to work together, not create roadblocks.

Strong top-down support is like rocket fuel for implementation. Without it, there’s no back-up for why other teams should make it work.

3 ways to get buy-in for your cybersecurity project

How do you get everyone on the same page, especially when their priorities don’t match yours? Here are the best tactics you can use.

1. Listen first, then strategize

In my experience, most cybersecurity projects stall due to individuals who feel unheard, unsure, or unconvinced. That’s why the smartest first move is listening.

Before you present your plan, take the time to understand what’s going on beneath the surface:

  • What’s keeping this team up at night?
  • What’s already on their plate?
  • Have they had bad experiences with similar projects in the past?
  • Are there invisible pressures or politics at play?

You’re gathering surface-level objections, but you’re also reading the room.

This kind of active listening helps you uncover the emotional, logistical, or cultural blockers that don’t show up on a risk register. And once you understand those, you can be more strategic in how and when you bring your initiative forward.

Listening builds trust, and trust opens the door for real collaboration.

2. Find common ground  

No one’s going to rally behind your cybersecurity project just because it’s the best product on the market. If it doesn’t speak to their priorities, it won’t move.

Take what you learned from your listening tour and align on shared outcomes — things everyone cares about. These can include things like:  

  • Recovery time  
  • Reduced ticket volume
  • Fewer disruptions
  • Predictable change management cycles

When you show people that your project can help them move their own goals forward, you move from being a blocker to an enabler. That’s how buy-in starts to snowball.

3. Tell a story that sticks

Facts inform, but stories persuade. People act when they feel inspired to, and good story telling is the key.  

Storytelling makes abstract threats tangible. It helps people imagine the consequences, outcomes, and benefits in a way data alone never will.

So, while saying something like, “We need to invest in stronger segmentation,” is accurate, it’s likely going to be more fruitful to tell a story instead:

“Last year, a company just like ours got hit by ransomware. Their breach containment strategy saved them from shutting down for weeks. We could do that too, or we could be in the headlines.”

Use comparisons to similar organizations, examples from real incidents, or even mini “what-if” scenarios to make your point stick. Bring the risk and the reward to life. This line of discussion brings the urgency into context, and your tune finds better resonance.  

The goal is context. A well-told story helps people visualize the why behind your initiative, not just the what.

Cybersecurity projects won’t sell themselves

There’s never been more pressure on security teams to do more, prove ROI, and move fast.

Budgets are tighter, architectures are messier, and threats are smarter. And still, we’re expected to defend the business without disrupting it.

That means we need more than good tech. We need influence, buy-in, and the ability to bring people together before a breach forces their hands.

So, the next time you’re trying to get your cybersecurity project off the ground, remember:

  • Don’t expect alignment on tools. Align on outcomes instead.
  • Use storytelling. Make it real, not theoretical.
  • Speak their language. Show how your project solves their problems.
  • Get leadership support early. And keep them engaged through delivery.
  • Focus on the mission. It’s easier to agree on purpose than process.

Getting project buy-in is a skill, and in today’s threat landscape, it might just be the most important one you have. Tech gets deployed, but it’s people who make progress happen.  

Want to see how Illumio helps organizations move from intent to action with real-world security outcomes? Experience Illumio Insights free for 14 days.

Related topics

Cyber Resilience

Related articles

Cyber Monday: Are Your Situational Crown Jewels Protected This Holiday Season?
Cyber Resilience

Cyber Monday: Are Your Situational Crown Jewels Protected This Holiday Season?

Proper protection is not fleeting like the Starbucks holiday product glossary. Good security should be baked in and accounted for all year round.

Read more
Connected Medical Devices: Healthcare’s Top Cybersecurity Vulnerability
Cyber Resilience

Connected Medical Devices: Healthcare’s Top Cybersecurity Vulnerability

Get insight into connected IoT medical device security vulnerabilities and how to solve it with Zero Trust Segmentation.

Read more
5 Things I Learned From a Former FBI Most-Wanted Hacker
Cyber Resilience

5 Things I Learned From a Former FBI Most-Wanted Hacker

Learn five eye-opening lessons from Brett Johnson, former most-wanted cybercriminal, on deception, trust, and why Zero Trust is more important than ever.

Read more
The CISO’s Playbook: How Trust Makes Security a Business Growth Engine
Cyber Resilience

The CISO’s Playbook: How Trust Makes Security a Business Growth Engine

Discover how Illumio’s Erik Bloch shows trust can turn security from a cost center into a business growth engine that drives sales and scale.

Read more
Inside Illumio CEO Andrew Rubin’s Cybersecurity Leadership Playbook
Illumio Culture

Inside Illumio CEO Andrew Rubin’s Cybersecurity Leadership Playbook

Discover Illumio CEO Andrew Rubin’s leadership lessons from the Master Move podcast, from building through uncertainty to leading with authenticity and conviction.

Read more
How to Build a Zero Trust Strategy That Puts Breach Containment First
Cyber Resilience

How to Build a Zero Trust Strategy That Puts Breach Containment First

Learn why breach containment and microsegmentation are essential to a Zero Trust strategy and resilient cybersecurity posture.

Read more

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Learn more