No Sense of Security
By Samuel Greengard
Disconnects are nothing new in the business world. Every day, business and IT executives at organizations large and small fail to process what seems obvious and end up paying a hefty price. Apparently, security appears near the top of the list.
A new research report from the Society for Information Management (SIM) illustrates just how bad the problem is and how poorly enterprises are performing. The organization's SIM IT Trends Study: 2013 surveyed senior IT leaders and CIOs at hundreds of companies and found that security ranked number seventh on a list of enterprise business priorities even though IT leaders ranked it number two. Worse, security landed in 14th place for IT investments. That's down from the number eight spot in 2010.
Then there's privacy, which ranked dead last in the survey.
This "keep the lights on" mentality doesn't hack it in an increasingly risky business environment. Story after story and report after report demonstrate that cyber-attacks and intrusions are growing worse—and there's no end in sight. While the Great Recession and tight IT budgets have made it more difficult to navigate digital age IT challenges, it's also apparent that there's an Alfred E. Neuman aspect to all of this: What, me worry?
But CIOs should worry. Leaving the lights on and the door unlocked while nobody is home is downright foolish. IT leaders must do a much better job of educating other business leaders, including corporate boards, and take concrete steps to raise awareness and rejigger organizational priorities. This might mean unleashing a fake phishing attacks on the entire organization and even catching a CEO going for the bait. It might also mean working with a CFO to identify actual costs associated with an incident.
Yes, IT and business alignment are crucial and everyone can agree that agility is critical, but without broad and deep security protections in place, organizations are playing nothing less than a game of Russian roulette.
About the Author
Samuel Greengard is a contributing writer for CIO Insight.