At least 3 industries see business value in security


For many companies even today, information security investments are driven largely by compliance demands rather than by business strategy. However, three industries may be leading the way in changing that dynamic. Large technology, media and telecommunications companies are recognizing that a security strategy and roadmap are vital business issues unto themselves, according to a study by Deloitte Touche Tohmatsu Ltd.

While the IT security pros at many companies continue to struggle to grab the attention of the top decision makers, the chief executives and directors at tech, media and telecom companies are putting security on their agendas. They are starting to see security as a way to drive business value and differentiate themselves in the marketplace. More interesting, perhaps, compliance wasn't even included among these industries' top 10 security drivers. As Deloitte points out, this is a big shift.

Reading between the lines, I'm not seeing a set of businesses that has decided to embrace security (or, heaven forbid, that quaint old notion of privacy) for its inherent virtue. While that would certainly differentiate them from the pack, it might not be consistent with their idea of business value. What I'm seeing is a set of businesses discovering that it pays to be secure.

Nearly a fifth of the survey respondents said that the most important consequences of a security breach are the questions and complaints that come from customers. In other words, these businesses realize that customers expect security as part of the service. For 49 percent of them, budget constraints were the greatest factor holding back efforts to improve security.

Executives in these industries have shown that they are aware of the security threats that abound. Nearly three-fourths of those surveyed ranked breaches at third parties as the top threat. Denial of service attacks and employee mistakes ranked closely behind. Mobile and BYOD trends were cited by 74 percent of the executives as presenting an ongoing security concern.

Awareness being only the first step, however, fewer than half of the executives said they've established a plan for addressing security breaches. Illustrating a further disconnect, 88 percent of the executives indicated that they did not consider their own companies vulnerable to cyber attack, but somehow half of them admitted to a security threat in the past year.  

Still, the Deloitte study suggests that progress is being made in the telecom, media and tech sectors. How about for the rest of you? - Caron