WSJ.com CIO Journal
Read the full article in WSJ.com's CIO Journal (subscription required)
If there is a silver lining to the recent rash of high-profile security breaches, it may be this: Senior executives and boards can no longer just pass ownership of data security to the CIO and hope it will go away. The consequences are too severe—and too public—for them to ignore.
Simply throwing more money at the problem isn’t likely to fix it. Many billions are invested every year in cybersecurity, and still hardly a week goes by without news of a major breach.
CEOs and other corporate leaders need to take a more strategic approach to this security problem, one that is based on better communication between the business side of the company (which understands the relative value of different digital assets) and IT (which makes investment decisions about how to protect them). Data security has become a top-level strategic issue, because the consequences of failure can ruin a business. Any organization may be only a few hacks away from disaster.
In our experience working with leading enterprises, we find that too many fail to align their IT security capabilities with their larger goals and appetite for risk. At some companies, business and IT don’t discuss emerging threats or the relative importance of different classes of digital assets.