Is a security breach the most effective driver of change?

LeadershipArchitecture
1.1k viewscircle icon9 Comments
Sort by:
CEO in Services (non-Government)4 years ago

Not always. I'd say when it comes to security specifically, hearing about it from someone trusted who has experienced the event first hand, it's the risk of a major beach, (vs the aftermath of the breach) that fuels the need for change.

Lightbulb on2
Director of IT in Software4 years ago

It opens the door to implement new technologies and usually increases the security budget. Now how you use the extra budget/approvals for purchase is of utmost importance and directly correlated to your chances of preventing the next breach

Lightbulb on1
Senior Information Security Manager in Software4 years ago

Ask it like this? Is cancer the most effective driver of smoking cessation? No. Research shows that about a third of lung cancer survivors will resume smoking.

As to information security, the most effective driver of change is a company that is proactive with security and understands it benefits.

Lightbulb on2
Executive Coach / Global Chief Information Officer & CISO in Education4 years ago

The best thing is when you can build that business case to show you've got value that you can drive to the business. We need to be compliant with SOX and TISAX, etc., for example. There are a lot of zeros involved in that. Without that business case, every wonderful new tool is going to be really hard to justify. But from an AI or data standpoint, maybe 90-98% of it is all data.

Lightbulb on1 circle icon1 Reply
no title4 years ago

We're getting ready to do our TISAX again. Last year we responded to over 440 audits and part of the focus is to demonstrate that integrity, but sometimes you don't get that behavior change until the problem occurs.

CIO in Education4 years ago

In my world, it's not until an accident happens that the behavior changes. When someone’s financial account gets entirely drained and the rest of the org finds out about it. Or when people find out, not just that their information was stolen, but that it was posted on the dark web. Then it’s, "Oh, I should pay attention to this." I think unfortunately, in some cases, an accident needs to happen for the behavior to change.

Lightbulb on2 circle icon3 Replies
no title4 years ago

The key is to actually make good use of an incident so that you can prevent the next one.

Lightbulb on2
no title4 years ago

<mention id="600f2125ced2100001077892" displayname="Dominic Martinelli"></mention> I totally agree!

Lightbulb on1

Content you might like

How do you manage your enterprise content efficiently, and how is your organization (specific to content)?

Is your organization's cybersecurity team currently understaffed?

Yes81%

No18%

How confident are you in your organization's ability to adapt its data strategy over the next 12 months?

Very confident

Somewhat confident

Not confident

Unsure100%

View Results

What are some less obvious or downstream opportunity costs you’ve encountered with AI implementation?

For large-scale transformations, would you consider complementing your technology and process work with consulting focused on leadership alignment, mindset transformation, and accelerating measurable results across teams?

Read More Comments