The increasing volume, variety, and velocity of security threats are no longer solely an IT issue. Business leaders are keenly aware of the financial, operational, legal, and reputational challenges presented by both cyber security and physical security. Many enterprises—often led by forward-thinking C-suite executives and board members—are now getting out ahead of the curve to address the root causes of security lapses.
This is no easy task, as headlines and real-world stories highlight. Recent research conducted by the Economist Intelligence Unit (and sponsored by Palo Alto Networks, this site’s parent company) highlights some of the core problems organizations face in trying to address security issues by going beyond traditional technology fixes. In particular, the research focuses on organizations’ efforts to deal with societal factors that drive many of the security breaches that cause legal and regulatory headaches, cost organizations huge sums of money, impact business decisions, and undermine public confidence.
The research—based on survey responses from 150 board members and C-suite executives and supplemented by in-depth interviews with 10 senior executives and security consultants—addresses the issue from two angles. First, the survey looks at the cause and impact of security problems driven by diverse societal issues, such as poverty, hunger, political unrest, and shifting social norms. Second, it identifies steps organizations can, and should, take now in order to mitigate the impact of security threats shaped by these factors.
The impact of societal trends
Security vulnerabilities are no longer solely the byproduct of factors such as hackers looking for bragging rights or financial extortion. Increasingly, security breaches are the result of causes with deep roots in social and political change. These might include protests against traditional political power structures; the actions of rogue nation-states looking to disrupt democratic regimes; or socially committed groups hoping to upend perceived inequities in financial wealth, natural resources, or basic human needs such as food and living conditions.
In fact, the research finds that “political or ideological differences within countries or across international borders” will be the most-cited root cause of security problems in the world over the next five years.
Naturally, solving societal problems such as inequality or political unrest is typically not on the to-do list of corporate executives. But those issues have significant influence on the creation of security risks, and survey respondents believe corporate boards need to better understand the underlying causes of security woes. One way or another, they must be addressed—even if it’s unlikely that organizations will fully eradicate them. “There’s no amount of money that a company can spend for a guarantee that they’re going to be safe,” said Arvind Parthasarathi, co-founder and CEO of Cyence, which develops economic models of cyber risk for the insurance industry. “You can’t dial it down to zero.”
Still, organizations have tangible strategies and tactics they can implement today in order to shift the scales in their favor against mounting and diversifying security risks.
Steps to take
One of the first steps is to focus on educating all key constituencies—board members, senior executives, internal staff, trading partners, and customers—about spotting and eliminating risks before they take hold. In fact, 70% of survey respondents overwhelmingly agree that board members need to become better informed on the underlying causes of security problems.
Another vitally important step is committing to a strategy for cooperation and collective action. “Going it alone” is no longer a way to ensure competitive advantage, especially when you’re talking about recurring security problems. Collaborating with industry groups, government agencies, and even competitors can pay off in helping to make digital environments safe and secure. “I firmly believe that making the internet safer for everybody is not a competitive differentiator,” noted Troels Oerting, chief security officer and CIO at Barclays Plc. “I think we should share more than we do.”
Other key steps business leaders and IT executives should embrace in order to head off security problems—even those emanating from tricky societal challenges—include:
- Enhanced communication with customers in order to identify and promote better “digital hygiene,” particularly in e-commerce transactions or interactions that expose sensitive data.
- Improved device security, especially with the increasing consumerization of IT endpoints, such as smartphones and tablets, and with the growing popularity of the Internet of Things.
- Broader participation in industry standards groups that leverage collective knowledge and common interests to overcome security threats.
For a full version of the Economist Intelligence Unit research, please go to http://themeaningofsecurity.economist.com.