The new byword in infosecurity: Don't embarrass the boss

New Frost & Sullivan global survey finds security staffers increasingly concerned about damage to corporate reputations from embarrassing data breaches or ID theft.

Charles Cooper Former Executive Editor / News
Charles Cooper was an executive editor at CNET News. He has covered technology and business for more than 25 years, working at CBSNews.com, the Associated Press, Computer & Software News, Computer Shopper, PC Week, and ZDNet.

Information security may be improving, but embarrassing incidents involving data loss or identity theft at the Veterans' Administration and at TJX Companies, the operator of the T.J. Maxx and Marshalls retail chains, suggest that the battle is a long way from victory.

Indeed, three-fourths of the information security professionals around the world surveyed by Frost & Sullivan say they now consider avoiding reputation damage to their organizations as a top priority.

That fits with the times. Increasingly, companies are elevating the prevention of high-profile data security breaches to the level of a strategic goal, if not a competitive weapon.

Here's where things are getting interesting. That new sensitivity to data loss has invited more high-level scrutiny from the business side into how IT maps out its cyberdefenses. In fact, the percentage of information security personnel reporting to executive management or boards of directors has climbed to 49 percent from 21 percent just four years ago.

"Information security professionals are under increasing pressure to secure not just the perimeter of the organization but all the data and employees that belong to the organization," according to the report, which was conducted at the behest of the International Information Systems Security Certification Consortium.

"We're seeing a shift toward a more information-centric approach...where [we] will need to take security consciousness beyond IT to every person in the organization," said Howard Schmidt, the president of R&H Security Consulting. "Time is clearly of the essence and we have to rethink our approach to security."

The survey included responses from 7,548 information security experts in various geographies. Among its other conclusions:

51 percent of respondents say that internal employees pose the biggest security threat.

75 percent of respondents see viruses and Internet worm attacks as top or high threats. Next in line as security concerns came hackers and employees.

Cyberterrorism remains more of a concern for government than for people working in other sectors.

The most concern voiced about all security threats came from the banking/insurance/finance sector.

The report also suggested a good news-bad news paradox: Even as the economy slows, security concerns should contribute to strong demand for products and services that help IT prevent data breaches. The report said that regulatory compliance will also factor into the equation, feeding demand for more information security professionals.