It has been a long time coming, but it actually seems heads of companies are starting to come around on the issue of security.
One indicator of that is senior executives in charge of security are finding their roles changing not only as they deal with the growing rates of data breaches and hack attacks but also by the increasing interest from chief executives, according to a survey from IBM.
As a result, chief information security officers (CISOs) are becoming a more significant presence in corporate boardrooms with a greater input into strategy, and also are shifting more toward risk management than simply reacting to one security incident after another, IBM’s Center for Applied Insights found in its study “Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment.”
In the study, IBM interviewed 130 security executives from around the world.
“This data painted a profile of a new class of CISO leaders who are developing a strategic voice, and paving the way to a more proactive and integrated stance on information security,” said David Jarvis, author of the report and senior consultant at the IBM Center for Applied Insights. “We see the path of the CISO is now maturing in a similar pattern to the CFO from the 1970s, the CIO from the 1980s, from a technical one to a strategic business enabler. This demonstrates how integral IT security has become to organizations.”
CISOs are feeling pressure from above, given that the nature of their jobs means protecting key corporate assets, from money to customer data to intellectual property, according to IBM. Two-thirds of the survey’s respondents said their senior executives, sensitive to the rash of stories about high-profile data breaches and lost data over the past couple of years, are paying more attention to security now than they were two years ago. In addition, two-thirds also said they expect corporate spending on information security to increase over the next two years, with 87 percent of those expecting a double-digit increase.
Mobile security is becoming a key issue; more than half of the respondents said it will be a primary technology concern over the next two years. Various reports have shown increases in attacks on mobile devices over the past year, as smartphones and tablets become increasingly popular with consumers and businesses alike. In February alone, malware targeting mobile operating systems jumped 155 percent in 2011 when compared with the previous year, and malware aiming at Google’s Android OS skyrocketed 3,325 percent, according to a report from Juniper Networks.
IBM researchers saw several characteristics in the type of CISO they called “influencers” — those who help influence business strategies tend to be more prepared and confident than the “protectors” and “responders.” One characteristic was the influencer sees security more as a business imperative than a technology one, and these CISOs tend to have the ear of businesses leaders and directors. They are more aware of risks, more collaborative and communicative across the enterprise, and are more forward-thinking—and more likely to have a security steering committee.
“Security in a hyper-connected era presents a new set of challenges, but these can be greatly eased by implementing innovative practices and adopting a more integrated, holistic approach,” said Marc van Zadelhoff, an author of the report and vice president of Strategy for IBM Security Systems. “CISOs that prioritize these factors can help their organizations significantly improve business processes and achieve measurable success in their progress toward building a risk-aware culture that is agile and well-equipped to deal with future threats.”