Enterprising Developments

Security-Savvy Execs Share Their Secrets

Joe McKendrick
Insurance Experts' Forum, May 21, 2012

Last week, I reported on remarks from Deutsche Bank's John Meakin regarding the need for openness in IT security efforts, versus attempting to lock everything down as tight as possible. Along these lines, the IBM Center for Applied Insights just released a study that reinforces the message that IT security is the concern of the entire enterprise. (Meakin also participated in this study.)

The report, based on a survey of 139 IT security executives, identified the best practices seen at companies leading the way in IT security thinking:

C-level executives are aware and provide increasing budgetary support: Nearly two-thirds of security leaders surveyed say their senior executives are paying more attention to security today than they were two years ago, due in large part to media attention. Budgets are expected to increase as well. Two-thirds of security leaders expect spending on information security to rise over the next two years. Of those, almost 90 percent anticipate double-digit growth. One in ten expects increases of 50 percent or more.

Shift attention toward risk management: In two years, security leaders expect to be spending more of their time on reduction of potential future risk, and less on mitigation of current threats and management of regulatory and compliance issues.

Security seen as a business—as opposed to technology—imperative: The survey identified 25 percent of respondents whose companies are progressive in terms of security ranking, rating themselves highly in both maturity and preparedness. These security leaders have business influence and authority—a strategic voice in the enterprise. In fact, one of the chief attributes of a leading organization is having the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, as cited by 60 percent of respondents: “These leaders understand the need for more pervasive risk awareness—and are far more focused on enterprise-wide education, collaboration and communications.”

Security established as a cross-enterprise initiative: “Forward-thinking security organizations are more likely to establish a security steering committee to encourage systemic approaches to security issues that span legal, business, finance and human resources operations. Sixty-eight percent of advanced organizations had a risk committee, versus only 26 percent in the least advanced group.”

Data-driven decision making and measurement are employed: “Leading organizations are twice as likely to use metrics to monitor progress, the assessment showed (59 percent versus 26 percent). Tracking user awareness, employee education, the ability to deal with future threats, and the integration of new technologies can help create a risk-aware culture.”

C-suite shares budgetary responsibility: Within most organizations, CIOs typically have control over the information security budget. “In the most advanced organizations, CEOs were just as likely as CIOs to be steering information security budgets.” Less security-savvy organizations, however, often lack a dedicated budget line item altogether, “indicating a more tactical, fragmented approach to security.”

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
