When it comes to project management, there are three constant constraints: Cost, Quality, and Time. Project managers are constantly juggling this constraint triage. There is no perfect solution, only trade-offs. For example, if you focus too much on cutting costs, quality will suffer significantly, and the time it takes to complete the project could also increase. The more you focus on quality, the more money and time needed to complete the project. Concentrating on quick results can be very costly and will undoubtedly lower quality. Project managers must balance these three constraints and complete the project by blending Cost, Quality, and Time in a manner that the organization and stakeholders deem acceptable.
Project Management Triangle
The project management Triangle, sometimes called the "Scope Triangle," "Quality Triangle," or "Iron Triangle," is a visual representation of balancing the three constant constraints, Costs, Scope, and Time. At this point, it is worth noting that most project management triangle models do not include quality as one of the three constraints; quality is often seen as the goal or outcome for a project. However, some models do swap scope with quality. This post will consider quality as a constraint. "The triangle model demonstrates how one element cannot be altered without affecting the other constraints" (Clarizen, 2019). Costs do not always equate to monetary (money) costs. Costs references resources such as budget, number of team members, equipment and facilities, and opportunity costs (Asana, 2021). Opportunity cost refers to spending resources on one project when they could have been allocated to other endeavors. Quality is often seen as a goal or outcome in the project management triangle. And for good measure, "quality represents the fit-to-purpose that the project must achieve to be a success" (Jenkins, n.d.). Quality suffers when you take away time and resources. For example, imagine giving an artist an hour as opposed to a day to complete their work. Now imagine taking away their favorite tool they use to draw/paint. The quality of their work will never be the same. Time is a limited resource that most everything is constrained by, especially projects. Project completion depends on the number of people working on a project, the skills and experience they have, and other resources such as equipment. "Most often, the main reason for organizations to fail in terms of time is due to lack of resources" (Tutorials Point, n.d.). Sounds familiar? These are the same resources that affect both costs and quality. This is because one constraint always affects another in the project management triangle.
Cybersecurity Project Management
When it comes to cybersecurity, quality should be the focus. This is because cutting costs when implementing cybersecurity is incredibly risky. "Cybersecurity is no longer a 'nice to have' – it’s a 'need to have' for business, and it needs to be a part of your business’s budget, too" (Maureen Data Systems, n.d.). Cyber-attacks can be very costly; Timothy Guim from pchtechnologies lists the average cost of cyberattacks for each company size:
Small companies (1-49 employees) lost an average of $24,000 each in 2020
Medium-sized companies (50-249 employees) lost an average of $50,000 each in 2020
Large companies (250-999 employees) lost an average of $133,000 each in 2020
Enterprise-level companies (1000+ employees) lost an average of $504,000 each in 2020
Cutting costs in cybersecurity is almost equivalent to not investing in it all. For example, imagine spending money (but not enough) on cybersecurity and still getting hit with a cyberattack. The sunk costs are all for not. Instead, it's better to "buy once cry once" when it comes to cybersecurity. Spending more on cybersecurity provides peace of mind and truly saves money in the long run. In addition, cyberattacks are not slowing anytime soon. Instead, they are increasing year over year.
Time is a constraint in terms of cybersecurity. However, it's not as much as a constraint. This is because cybersecurity is a continuous process. You are never "done" incorporating cybersecurity. It is better to take a slow, methodical approach and implement policies, procedures, and technologies that focus on quality. Speedy implementations can cause things to be overlooked, which leaves holes in cybersecurity.
"The benefits of good cybersecurity are well worth the expense. When you consider the fact that only about 3% of your revenue needs to go in this direction, the facts become obvious" (Guim, 2021).
Summary
No matter the size and scope, every project faces the three big constraints of Cost, Quality, and Time. The project management triangle shows the trade-offs between each constraint. Each constraint affects the other, and there is no perfect solution. Each constraint is valued differently depending on the stakeholder's views, organization needs, available resources, and the project itself. When it comes to cybersecurity, it is best to focus on quality over costs and time. Spending too little on cybersecurity may not provide adequate protection resulting in more significant losses than not implementing cybersecurity at all. Time is not a major constraint because cybersecurity is a continuous process that never ends. Spending too little time may cause things to be overlooked, resulting in gaps in the cybersecurity posture. It only takes a single gap for a cyberattack to be effective, which is why it is best not to cut corners and sacrifice quality when implementing your cybersecurity strategy.
References
Asana. (2021, July 4). The project management triangle: What it is and how to use it. https://asana.com/resources/project-management-triangle
Clarizen. (2019, March 22). What is the project management triangle? https://www.clarizen.com/what-is-the-project-management-triangle/
Guim, T. (2021, July 7). Cost of cyber attacks vs. cost of cyber security in 2021. PCH Technologies. https://pchtechnologies.com/cost-of-cyber-attacks-vs-cost-of-cyber-security-in-2021/
Jenkins, N. (n.d.). A project management primer: Basic principles - Scope triangle. Project Smart. https://www.projectsmart.co.uk/best-practice/project-management-scope-triangle.php
Maureen Data Systems. (November). The cost of cybersecurity and how to budget for it. Retrieved October 31, 2021, from https://www.mdsny.com/the-cost-of-cybersecurity-and-how-to-budget-for-it/
Tutorials Point. (n.d.). Project management triangle. Retrieved October 31, 2021, from https://www.tutorialspoint.com/management_concepts/project_management_triangle.htm