Buried in a generally optimistic business outlook based on a survey released this week by PwC at the annual World Economic Forum (WEF) conference on Davos, Switzerland this week was a startling admission that IT security professionals should take special care to note. The global survey of 1,379 CEOs finds that a 69 percent said in a digital economy it’s difficult to gain and keep people’s trust. A total of 91 percent said data privacy and ethics issues are likely to impact those levels of trust in the next five years.
As digital business initiatives start to drive corporate strategies many business professionals will need to change their approach to IT security. Historically, IT security was viewed as a cost of doing business that from an expense perspective needed to be minimized. Going forward, however, IT security is going to be transformed into a selling point. Obviously, there are still many risks. But the degree to which one organization can proactively manage those risks versus another is about to become a point of business differentiation. There will naturally never be perfect IT security. But organizations that have the foresight to invest in IT security to minimize those risks are going to be viewed as preferred digital business partners. Before too long businesses of all sizes will be touting how much effort they put into securing the trust of their customers.
That shift represents something of a double-edge sword for IT security professionals. Anything that gets business people to take IT security more seriously is welcome. On the other hand, most business executives don’t really have a firm understanding of what forces are in play. They are likely to make promises that no IT security team can meet. The good news is that online courses offered in association institutions such as Massachusetts Institute of Technology (MIT) that are specifically aimed at educating business executives on the true state of IT security are starting to become available.
Organizations should not shy away from digital business simply because IT security is a potential issue. But the boards of these organizations do need to understand what it takes to properly invest in IT security. In fact, because most boards are held accountable for assessing risk to the business many of those board members remain ignorant of T security issues at their own peril. It will not be long now before some shareholder sues a board over financial losses incurred due to lax security. Once that happens it’s also probable that many boards will be looking to add members that have expertise in IT security.
It may take IT security professionals some time to get used to this new digital business reality. Much like Cassandra who had been cursed by the gods to not being listened to by the doomed citizens of Troy, IT security professionals for years have been shouting warnings about IT security at anyone who cares to listen. The difference now is that as more business executives are starting to not only listen; they are tasking IT security professionals with securely enable the implementation of digital business strategies in a way that doesn’t add more friction to the process. In this day and age that, of course, is a very tall order indeed.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.