Experian's leadership views security spending as the 'first dollar' spent. It's not a typical investment that requires an ROI justification but a non-negotiable, enabling cost for the entire business. This mindset ensures it is always prioritized, regardless of immediate financial pressures.
Related Insights
When lobbying for a new tool like telemetry, don't just ask for the tool. Frame its absence as a direct blocker to your core responsibilities. By stating, "I can't make decisions without this data," you tie the budget request to clear business outcomes and personal accountability.
Security products are naturally sold top-down. CISOs need central governance over a fragmented tool landscape, and the product's value is subjective and hard to measure (like insurance). This environment favors a high-touch, relationship-based sales motion, making pure bottom-up adoption difficult to monetize.
In ROI-focused cultures like financial services, protect innovation by dedicating a formal budget (e.g., 20% of team bandwidth) to experiments. These initiatives are explicitly exempt from the rigorous ROI calculations applied to the rest of the roadmap, which fosters necessary risk-taking.
Data governance is often seen as a cost center. Reframe it as an enabler of revenue by showing how trusted, standardized data reduces the "idea to insight" cycle. This allows executives to make faster, more confident decisions that drive growth and secure buy-in.
While Experian's tech CEO aims for consensus, he makes final decisions based on a clear hierarchy of principles. He will override his team's recommendation if it compromises a core value like security, even if their choice is more economically sound.
Unlike past tech waves where security was a trade-off against speed, with AI it's the foundation of adoption. If users don't trust an AI system to be safe and secure, they won't use it, rendering it unproductive by default. Therefore, trust enables productivity.
Penetration testing was often a periodic, "checkbox" exercise for compliance. Terra's continuous AI-powered approach transforms it into a strategic validation tool. It helps CISOs justify security spending and quantify business risk, aligning security efforts with business impact.
Not all business problems are created equal. Time savings often translate to five-figure cost savings, which may not be compelling. The most powerful executive problems are "six-figure problems"—major risk mitigation (avoiding lawsuits), significant revenue generation, or replacing other large costs.
The decision to invest in formal security measures like anti-phishing training should be based on team size and industry risk, not revenue milestones. The attack surface grows with each new employee, making a headcount of 15-20 a practical trigger point to implement such policies.
Synthesia views robust AI governance not as a cost but as a business accelerator. Early investments in security and privacy build the trust necessary to sell into large enterprises like the Fortune 500, who prioritize brand safety and risk mitigation over speed.
