5:14 PM -- Amid all the end-of-year doom-and-gloom reports (dutifully documented and analyzed by Dark Reading's Site Editor Tim Wilson in our weekly newsletter column), a tiny yet significant bright spot emerged today that should give security pros a little holiday cheer.
Nearly 70 percent of the executive-level respondents in Ernst & Young's newly released "10th Annual Global Information Security Survey," said they think security improves their IT and operational efficiency. And in addition to compliance, and data protection and privacy, one of the top three drivers for their security initiatives is to meet business objectives. (See Report: Security Becoming Business Tool.)
Business objectives driving security. That's a big step, right?
Sure. Except when you drill down into the report and find that the security group apparently still doesn't really have the ear of the boardroom. Security and executive management don't mix much at all: Thirty-two percent of the organizations never meet with the company's corporate board or audit committee, according to the report. And monthly meetings between the IT and information security teams are three times more likely to convene than meetings between security and corporate officers or business heads.
And those security teams that do get sit-downs with boardroom execs only get to do so less than once per quarter.
If security is increasingly being seen as a key element of the business, business should be including the security team in its strategic planning. Or as Ernst & Young concludes it in its report, they could miss the boat in moving their business forward.
Kelly Jackson Higgins, Senior Editor, Dark Reading
Ernst & Young International