Enterprising Developments

Security-Savvy Execs Share Their Secrets

Joe McKendrick
Insurance Experts' Forum, May 21, 2012

Last week, I reported on remarks from Deutsche Bank's John Meakin regarding the need for openness in IT security efforts, versus attempting to lock everything down as tight as possible. Along these lines, the IBM Center for Applied Insights just released a study that reinforces the message that IT security is the concern of the entire enterprise. (Meakin also participated in this study.)

The report, based on a survey of 139 IT security executives, identified the best practices seen at companies leading the way in IT security thinking:

C-level executives are aware and provide increasing budgetary support: Nearly two-thirds of security leaders surveyed say their senior executives are paying more attention to security today than they were two years ago, due in large part to media attention. Budgets are expected to increase as well. Two-thirds of security leaders expect spending on information security to rise over the next two years. Of those, almost 90 percent anticipate double-digit growth. One-in-ten expects increases of 50 percent or more.

Shift attention toward risk management: In two years, security leaders expect to be spending more of their time on reduction of potential future risk, and less on mitigation of current threats and management of regulatory and compliance issues.

Security seen as a business—as opposed to technology—imperative: The survey identified 25 percent of respondents whose companies are progressive in terms of security ranking, rating themselves highly in both maturity and preparedness. These security leaders have business influence and authority—a strategic voice in the enterprise. In fact, one of the chief attributes of a leading organization is having the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, as cited by 60 percent of respondents: “These leaders understand the need for more pervasive risk awareness—and are far more focused on enterprise-wide education, collaboration and communications.”

Security established as a cross-enterprise initiative: “Forward-thinking security organizations are more likely to establish a security steering committee to encourage systemic approaches to security issues that span legal, business, finance and human resources operations. Sixty-eight percent of advanced organizations had a risk committee, versus only 26 percent in the least advanced group.”

Data-driven decision making and measurement is employed: “Leading organizations are twice as likely to use metrics to monitor progress, the assessment showed (59 percent versus 26 percent). Tracking user awareness, employee education, the ability to deal with future threats, and the integration of new technologies can help create a risk-aware culture.”

C-suite shares budgetary responsibility: Within most organizations, CIOs typically have control over the information security budget. “In the most advanced organizations, CEOs were just as likely as CIOs to be steering information security budgets.” Less security-savvy organizations, however, often lack a dedicated budget line item altogether, “indicating a more tactical, fragmented approach to security.”

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

What Can Insurers Learn from Home Depot?

The latest cyber-attack highlights the importance of helping policy holders defend themselves.

Not Your Father’s Insurance Company

Carriers need to look at new and impactful ways to be there for their customers.

Watch Out. Apple with Mayo is Heading Your Way

From a health care, health insurance and Internet-of-things perspective, questions still remain.

How to Attract Top Tech Talent

When it comes to rankings of the best places to work, insurers are few and far between. Here’s what those who make the lists do to appeal to IT professionals.

New Generation of Data and Analytics in Cloud

Cloud-based data and analytics products are becoming more common among technology companies, small and midsize businesses and departments.

Aligning People, Processes and Technology for Successful Data Governance

Before your data governance project turns into a nightmare, create a data governance team to help people understand and manage the big data challenge, not just their respective pieces.