Experienced a Breach?
|
Support
|
Contact Us
|
+1 855 426 3983
Blog
/
Cyber Resilience
Aishwarya Ramani
Sr. Solutions Marketing Manager
Illumio Editorial
October 28, 2025
23 min. read

3 Practical Ways to Win Buy-In for Your Cybersecurity Projects

Recently, I talked with the security team at a large financial institution who were ready to implement a new platform. They’d built a rock-solid business case, outlined clear risks, and mapped it all to their security strategy. They were ready to roll.

And then came the real problem they hadn’t anticipated. Team dynamics.  

After all, they’d heard, internalized, and implemented all the good advice on the street. They focused on the business problem. They made it about the larger picture. And yet, they couldn’t get their colleagues in networking to march to the same tune.  

It started with a networking lead pushing back: “Why are we bringing in new tools when we still have licenses with this other platform?”

Bringing in the finance angle is like the opposite team playing the Draw 4 card in a game of UNO. You now have to hop through extra, unexpected hurdles to get the project started that can keep you from accomplishing your goal.  

Cybersecurity projects sometimes fail because of weak tech. But often, they stall out because teams don’t see eye-to-eye, leaders don’t stay engaged, and the broader organization doesn’t understand why any of it matters in the first place.

If you’re trying to get buy-in for a security initiative, let’s talk about how to actually move the needle.

The most common cybersecurity project buy-in blocker

Cross-team pushback is the top (and most frustrating) blocker for cybersecurity initiatives.

Every team in your organization has its own roadmap, budget, and incentives. Your security project, no matter how business-critical, can feel like a detour to someone else.

It could be that your proposal overlaps with tools they already bought (even if no one’s using them), or perhaps they’re worried your new system will break theirs. New projects are an added resource overhead, which the other team might just not be ready for at the moment.  

These conversations can get messy fast, not because the technology is wrong, but because it bumps up against other teams’ priorities, plans, or power dynamics.  

Sometimes it's about control, but often it can be about timing. Sometimes teams can get stuck in self-preservation mode. This siloed thinking often slows down progress.  

Why executive sponsorship is especially important

The common theme that emerges in most conversations I have with Illumio sales representatives or our customers with successful implementations is leadership buy-in.  

Getting leadership endorsement isn’t just about checking a political box. It sets the project’s tone for the entire organization.

When leadership publicly backs a cybersecurity initiative, it creates momentum. It tells the organization that:

  • This project matters.
  • We’re serious about long-term resilience, not short-term band-aids.
  • Teams are expected to work together, not create roadblocks.

Strong top-down support is like rocket fuel for implementation. Without it, there’s no back-up for why other teams should make it work.

3 ways to get buy-in for your cybersecurity project

How do you get everyone on the same page, especially when their priorities don’t match yours? Here are the best tactics you can use.

1. Listen first, then strategize

In my experience, most cybersecurity projects stall due to individuals who feel unheard, unsure, or unconvinced. That’s why the smartest first move is listening.

Before you present your plan, take the time to understand what’s going on beneath the surface:

  • What’s keeping this team up at night?
  • What’s already on their plate?
  • Have they had bad experiences with similar projects in the past?
  • Are there invisible pressures or politics at play?

You’re gathering surface-level objections, but you’re also reading the room.

This kind of active listening helps you uncover the emotional, logistical, or cultural blockers that don’t show up on a risk register. And once you understand those, you can be more strategic in how and when you bring your initiative forward.

Listening builds trust, and trust opens the door for real collaboration.

2. Find common ground  

No one’s going to rally behind your cybersecurity project just because it’s the best product on the market. If it doesn’t speak to their priorities, it won’t move.

Take what you learned from your listening tour and align on shared outcomes — things everyone cares about. These can include things like:  

  • Recovery time  
  • Reduced ticket volume
  • Fewer disruptions
  • Predictable change management cycles

When you show people that your project can help them move their own goals forward, you move from being a blocker to an enabler. That’s how buy-in starts to snowball.

3. Tell a story that sticks

Facts inform, but stories persuade. People act when they feel inspired to, and good story telling is the key.  

Storytelling makes abstract threats tangible. It helps people imagine the consequences, outcomes, and benefits in a way data alone never will.

So, while saying something like, “We need to invest in stronger segmentation,” is accurate, it’s likely going to be more fruitful to tell a story instead:

“Last year, a company just like ours got hit by ransomware. Their breach containment strategy saved them from shutting down for weeks. We could do that too, or we could be in the headlines.”

Use comparisons to similar organizations, examples from real incidents, or even mini “what-if” scenarios to make your point stick. Bring the risk and the reward to life. This line of discussion brings the urgency into context, and your tune finds better resonance.  

The goal is context. A well-told story helps people visualize the why behind your initiative, not just the what.

Cybersecurity projects won’t sell themselves

There’s never been more pressure on security teams to do more, prove ROI, and move fast.

Budgets are tighter, architectures are messier, and threats are smarter. And still, we’re expected to defend the business without disrupting it.

That means we need more than good tech. We need influence, buy-in, and the ability to bring people together before a breach forces their hands.

So, the next time you’re trying to get your cybersecurity project off the ground, remember:

  • Don’t expect alignment on tools. Align on outcomes instead.
  • Use storytelling. Make it real, not theoretical.
  • Speak their language. Show how your project solves their problems.
  • Get leadership support early. And keep them engaged through delivery.
  • Focus on the mission. It’s easier to agree on purpose than process.

Getting project buy-in is a skill, and in today’s threat landscape, it might just be the most important one you have. Tech gets deployed, but it’s people who make progress happen.  

Want to see how Illumio helps organizations move from intent to action with real-world security outcomes? Experience Illumio Insights free for 14 days.

Related topics

Cyber Resilience

Related articles

Operationalizing Zero Trust – Step 4: Prescribe What Data is Needed
Cyber Resilience

Operationalizing Zero Trust – Step 4: Prescribe What Data is Needed

Learn about an important step on your organization’s Zero Trust journey: prescribing what data is needed.

Read more
Cybersecurity Predictions for 2021
Cyber Resilience

Cybersecurity Predictions for 2021

Assuming the cloud solves everything, too many organizations overlook endpoint security. Here’s what this means for DevSecOps and cyber risk.

Read more
5 Zero Trust Tips for Retailers and Manufacturers From Brooks Running
Cyber Resilience

5 Zero Trust Tips for Retailers and Manufacturers From Brooks Running

Learn why shoe retailer, Brooks Running, is a brilliant example of a business implementing Zero Trust controls in a practical way.

Read more
The CISO’s Playbook: How Trust Makes Security a Business Growth Engine
Cyber Resilience

The CISO’s Playbook: How Trust Makes Security a Business Growth Engine

Discover how Illumio’s Erik Bloch shows trust can turn security from a cost center into a business growth engine that drives sales and scale.

Read more
Inside Illumio CEO Andrew Rubin’s Cybersecurity Leadership Playbook
Illumio Culture

Inside Illumio CEO Andrew Rubin’s Cybersecurity Leadership Playbook

Discover Illumio CEO Andrew Rubin’s leadership lessons from the Master Move podcast, from building through uncertainty to leading with authenticity and conviction.

Read more
How to Build a Zero Trust Strategy That Puts Breach Containment First
Cyber Resilience

How to Build a Zero Trust Strategy That Puts Breach Containment First

Learn why breach containment and microsegmentation are essential to a Zero Trust strategy and resilient cybersecurity posture.

Read more

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Learn more