Enterprising Developments

Security-Savvy Execs Share Their Secrets

Joe McKendrick
Insurance Experts' Forum, May 21, 2012

Last week, I reported on remarks from Deutsche Bank's John Meakin regarding the need for openness in IT security efforts, versus attempting to lock everything down as tight as possible. Along these lines, the IBM Center for Applied Insights just released a study that reinforces the message that IT security is the concern of the entire enterprise. (Meakin also participated in this study.)

The report, based on a survey of 139 IT security executives, identified the best practices seen at companies leading the way in IT security thinking:

C-level executives are aware and provide increasing budgetary support: Nearly two-thirds of security leaders surveyed say their senior executives are paying more attention to security today than they were two years ago, due in large part to media attention. Budgets are expected to increase as well. Two-thirds of security leaders expect spending on information security to rise over the next two years. Of those, almost 90 percent anticipate double-digit growth. One-in-ten expects increases of 50 percent or more.

Shift attention toward risk management: In two years, security leaders expect to be spending more of their time on reduction of potential future risk, and less on mitigation of current threats and management of regulatory and compliance issues.

Security seen as a business—as opposed to technology—imperative: The survey identified 25 percent of respondents whose companies are progressive in terms of security ranking, rating themselves highly in both maturity and preparedness. These security leaders have business influence and authority—a strategic voice in the enterprise. In fact, one of the chief attributes of a leading organization is having the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, as cited by 60 percent of respondents: “These leaders understand the need for more pervasive risk awareness—and are far more focused on enterprise-wide education, collaboration and communications.”

Security established as a cross-enterprise initiative: “Forward-thinking security organizations are more likely to establish a security steering committee to encourage systemic approaches to security issues that span legal, business, finance and human resources operations. Sixty-eight percent of advanced organizations had a risk committee, versus only 26 percent in the least advanced group.”

Data-driven decision making and measurement is employed: “Leading organizations are twice as likely to use metrics to monitor progress, the assessment showed (59 percent versus 26 percent). Tracking user awareness, employee education, the ability to deal with future threats, and the integration of new technologies can help create a risk-aware culture.”

C-suite shares budgetary responsibility: Within most organizations, CIOs typically have control over the information security budget. “In the most advanced organizations, CEOs were just as likely as CIOs to be steering information security budgets.” Less security-savvy organizations, however, often lack a dedicated budget line item altogether, “indicating a more tactical, fragmented approach to security.”

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Strategic Initiatives for 2015: Making Sense of the Shifts

Insurers must choose between embracing innovation or just continuing with business as usual and run the risk of becoming a casualty in the new competitive battle.

To Stay in the Game, Insurers Must Aggressively Embrace New Consumer Technologies

Emerging technologies displayed at the CES could be some of the greatest change agents since the introduction of the Internet, offering breakthroughs that could challenge many businesses.

The Usage-Based Insurance (UBI) Short Cut

Developing a usage-based insurance program has now gotten easier.

Marketing: The Insurer’s Shadow IT Department

Marketing executives continue their march into the insurance data center.

Digital Failings

We live in a brave new world now with digital devices and equipment surrounding us in a sea of capabilities that (generally) improve the quality of our experiences.

Life in the Cloud – Vendor Activity is High

Celent surveyed 41 vendors about their cloud applications, pricing models, platform investments and their expectations of where the market is going.