Finally, some good news: Corporate boards are starting to recognize the importance of IT security.
Getting executives and other leaders to support security investments and initiatives is a common challenge for IT managers. But recently, increasing risk and high-profile data breaches have pushed IT security to the top of directors’ priority lists, according to the 12th annual Law and the Boardroom Study conducted by Corporate Board Member and FTI Consulting.
Nearly half (48%) of the directors surveyed said IT security was a high priority, the highest of any concern listed. The emphasis placed on protecting data has doubled in the past four years, with just 23% of directors having listed it as a high area of concern in a 2008 survey.
Likewise, 55% of general counsel listed data security as a top priority in this year’s survey, compared to 25% in 2008.
Why the big jump? According to the report’s authors, as more business takes place in the digital world and the costs of cybersecurity incidents increase, boards have no choice but to pay attention to IT security.
Despite the increasing importance, many board directors and general counsel are not confident that their organizations are properly managing IT security risks. Among the general counsel surveyed, 33% believe the board isn’t managing cyber risk.
In addition, less than half (42%) of directors say their organization has a formal response plan for IT security incidents. Another 31% were uncertain if such a plan existed, and 27% said there is no plan.
These results suggest that many company leaders understand the importance of IT security, but may not understand what their organizations need to do to protect themselves.
That’s where the IT department comes in. IT managers can use execs’ increasing security concerns as they pitch new projects and investments in security tools and programs. When doing so, it’s important to focus on how security spending is an investment that protects the company’s bottom line.