Information Security Not a High Priority for Many Top-Level Corporate Executives, Study Finds

Information technology (IT) is widely recognized as a critical component of business operations, but the security of a company’s IT often does not receive as much attention. Breaches of a company’s cybersecurity can result in serious losses, not only due to direct theft, but also through potential liability to regulators and customers. Despite some highly-publicized cybersecurity breaches, a recent survey of top-level corporate executives found that nearly three-fourths of those surveyed did not think that Chief Information Security Officers (CISOs) merit a place at a corporation’s “leadership table.” Nearly half of them see the role of a CISO as someone to take the fall if a breach occurs. Businesses, including small businesses and entrepreneurs, should seriously consider allocating resources to protect their IT.

The technology industry publication SearchSecurity defines a CISO as the executive “responsible for aligning security initiatives with enterprise programs and business objectives,” and for “ensuring that information assets and technologies are adequately protected.” This includes maintaining oversight of a company’s entire system of computers and computer networks, which can be a colossal task in a large organization. A CISO must keep a company’s hardware, software, and data safe from intrusion by both outsiders and insiders, while allowing business operations to run unhindered.

The role of the CISO has grown in importance recently, particularly after several large and highly-publicized cybersecurity breaches at major retail chains like Target and Home Depot, which exposed the personal financial information of millions of consumers. Target announced that it hired a CISO about six months after its breach. Since information is vulnerable to both cyberattacks via the internet or another network and physical intrusions on a company’s hardware, some corporations merge a CISO’s role with that of a chief security officer (CSO), commonly responsible for the security of a business’ physical assets.

The survey of top-level executives, conducted by the computer security firm ThreatTrack Security, found that 74 percent of respondents do not believe that CISOs should have a place in a corporation’s leadership team. The technology blog GigaOM noted that CISOs may seem like an unnecessary expense: “If there’s no breach at all, that money is seen as wasted. And if there is a breach, that money is also seen as wasted.” ThreatTrack also found that 44 percent of respondents thought a CISO’s main role is to be “accountable for any organizational data breaches,” i.e. the person the rest of the executives can blame.

Businesses face enough potential losses due to cybersecurity breaches that they should take at least an ounce of precaution. Aside from direct losses, which might include outright theft of money or of trade secrets, businesses may face regulatory penalties for breaches that compromise their customers’ financial data. This type of personal information is often the target of cybersecurity breaches, since it can then be sold to others for identity theft and credit card fraud. Businesses that suffer cybersecurity breaches may also face liability to the customers themselves through civil negligence claims.

Business attorney Samuel C. Berger represents entrepreneurs and businesses in New York City and Northern New Jersey. Our fixed-fee legal-service packages cover a wide range of legal needs, including business formation, winding down a business, contracts, and mergers and acquisitions. To schedule a confidential consultation with an experienced business law advocate, please contact us today online or at (212) 380-8117.

Photo credit: Cory Doctorow [CC BY-SA 2.0], via Flickr.