2. Think differently about information security. Several notorious security breaches in 2017 served as poster incidents for the costs of lax data security practices. One company’s CEO, CIO, and chief information security officer lost their jobs as a result of a breach that resulted from the company’s failure to patch a known vulnerability in key systems, forcing it to spend millions of dollars cleaning up the mess.
Few other companies can claim the moral high ground. Yours, too, may be just one unpatched system away from suffering the same punishment. And as the aforementioned example confirms, information security is as much a CIO (and CEO) priority as it is a CISO one. Companies can’t keep throwing money at this problem. While the 1,178 CIOs and other IT leaders who responded to the latest annual Society for Information Management (SIM) survey say that cybersecurity is their companies’ No. 1 IT challenge, and that it’s the issue that’s most personally worrisome to them, their companies actually spent less money on cybersecurity in 2017 (as a percentage of their IT budgets) than they did in 2016, the survey found.