It’s not that long since responsibility for information security lay firmly at the door of the IT department. Not viewing it as a business-critical issue, boardrooms were happy to take a watching brief; after all, they had a company to run.
Recent times and a changing threat landscape have driven a change in attitude, however. From privacy and compliance legislation to high-profile data breaches, intellectual property protection and network security, it’s a lot easier to make the business case for IT security. As such, security has climbed up the business agenda for many organisations, moving from a ‘nice to have’ to an essential component of the day-to-day business.
There’s nothing like the threat of financial penalties, criminal proceedings or serious reputational damage to focus the business mind on the need for a high-quality, unified security strategy. The current economic climate has, however, put some IT departments under significant pressure to run security programmes on ever-tightening budgets. A survey released by PricewaterhouseCoopers this week found that only half of global respondents said they planned to increase their spend on security over the next year; in the UK, that figure’s 35 per cent. This despite the fact that 85 per cent of PwC’s respondents claimed to have experienced a security breach of some kind over the previous six months.
To maximise return on information security investment, it is vital that any programme has senior management buy-in. Security is no exception and, in order to retain priority status, needs to evolve alongside the changing technologies that have become pivotal in the workplace. But it’s a two-way street: just as security technologies and policies need to evolve, so too do the humans involved. Security should never be a silo-based activity; the key to gaining buy-in across all levels of the organisation is advocacy from the highest level.
Nick Peart