Executive Management Are Becoming More Engaged In Information Security
Dealing with business and executive managers has been a persistent occupational hazard for security professionals. Business managers didn’t want policy enforcement to get in the way of business productivity. CEOs and CFOs tended to eschew “good security” for “good enough security.” The biggest role they played here was that of budget cutter.
This minimalist attitude toward cyber security appears to be changing. According to ESG research, 29% of security professionals working at enterprise organizations (i.e. more than 1,000 employees) say that executive management is, “much more engaged with information security situational awareness and strategy,” than a year ago while another 40% of enterprise security professionals say that executive management is, “somewhat more engaged with information security situational awareness and strategy,” than a year ago.
Why the change? CEOs are reading about cybersecurity incidents in the Wall Street Journal and watching share prices of breached companies plummet. The Google Aurora security attack of 2010 and subsequent wave of APTs were also a wake-call for business mucky-mucks that nation states and competitors may be stealing their intellectual property from under their noses. Whether they like it or not, CEOs now realize that they have skin in the cybersecurity game so they better be prepared.