Why corporate security fails – A focus on leadership

September 8, 2016

It looks like 2016 is set to be the year when information security gets serious. This year is predicted to break records for investment in cyber-security measures, with organisations expected to allocate nearly nine percent of their entire IT budget to security.

Great news for cyber-security product vendors (!), but with history telling us that reported breaches and losses from cyber-attacks are still increasing just as quickly, just what is going wrong with corporate cyber-security?

Whose job is cyber-security anyway?

For too many organisations, cyber-security is seen as the sole responsibility of the company CIO or CISO, when the reality is that everyone now needs a sound appreciation of cyber-security best practices. Failing to take accountability for securing sensitive data will not help protect an organisation’s valuable assets, yet this trend has become all too common within information security roles. Whether it is through intensive training and education or by implementing security solutions that help prevent problems from happening, it all starts with strong leadership.

Cyber-security is closely tied to customer loyalty and trust and, if not taken seriously, can leave customers looking elsewhere and do significant damage to your brand’s reputation. Having a leader who will talk to employees about the business risks that follow from a cyber issue will help lead to effective change in the workplace. In fact, being cyber-resilient can even be seen as a competitive advantage and a means of staying ahead of the competition. If a potential customer has the option to choose between a company that sees cyber-security as a priority and a company that sees cyber-security as an unmanageable task, which do you think they would choose?
