Indian enterprises cannot survive the deadly cyber threat landscape with a divided mind-set between C-suite business leaders and IT leaders that has made security an afterthought in corporate planning and priorities.
By Anand Patil
To be prepared for war is one of the most effectual means of preserving peace, said George Washington is the first US State of the Union address. This couldn’t be truer as you consider the state of information security today. With security threats, internal and external, getting more potent by the day, no enterprise can afford to wage the war that’s playing out across the security landscape without being as prepared as possible.
Security is not the IT organization’s sole responsibility
In the enterprise, matters of security (and blame, in case of a breach) are the responsibility of the IT organization. Given the damage to a company’s reputation in case of a breach, it would seem almost intuitive that an Indian company’s cyber security strategy would be a holistic corporate initiative with all stakeholders understanding the criticality of the issue.
But surprisingly, a new global study by The Economist Intelligence Unit (EIU), reveals exactly the opposite. Indian IT leaders (CIOs and CISOs) consider cyber security as their number one priority while only a measly 8 percent of C-suite business leaders (CEOs, COOs, CFOs, et al) share that view. Almost all IT and C-suite leaders (83 and 84 percent respectively) recognized that they saw an increase in cyber-attacks on their firms in 2015 though.
The EIU survey further reveals that 33 percent of businesses expect to be hit in as little as the next 90 days. That’s downright scary. But are they doing anything about it? When it comes to increasing security budgets, only 21 percent of C-suite business leaders foresee a significant increase while 36 percent of IT leaders hope for a major push. The survey also highlights the contrast in the way security matters are being tackled. Business executives think strategically and long-term, while security executives, prefer a tactical approach that focuses on individual solutions to each possible attack. So, the moment an organization realizes it is under attack, the business leader will try to protect the company’s reputation in her own way while the IT leader runs to salvage data and applications—two complementary, though unproductive strategies that need to converge.
Cyber theft takes away much more than data
A divided mind-set reflects the fragmented approach to security issues that has made security an afterthought in corporate planning and priorities. The EIU survey shows how cyber theft hits the business where it hurts—from stifling innovation to delaying the launch of new products to market; making the company less responsive to customers and slower to respond to competitors—which can often prove fatal to business.
It’s clear that cyber security is a critical boardroom issue and should command the attention of each and every stakeholder in the organization. It will take equal effort from C-suite leaders on the business end and from those heading IT to take care of the architectural issues that create complexity and inhibit security teams from successfully doing their job. Security is a core mission and by adopting a holistic, common framework, enterprises can align policies with innovative security solutions that can be extended across the board. That’s the only way to get CFOs, CEOs, COOs, CMOs and CIOs & CISOs on the same page—and ensure that the organisation can preserve peace even as it is waging war.
The author is India lead – SDDC sales from VMware India