Monday, April 12, 2010

Report: Cybersecurity bigger than an IT problem

Companies that confine cybersecurity concerns to the information technology department put their bottom line at risk, according to a report released Wednesday by the Internet Security Alliance and the American National Standards Institute. The groups conducted the report in response to a request in the Obama administration's Cyberspace Policy Review that better financial metrics be placed on cybersecurity hazards.

Highlighting that cyber attacks cost U.S. businesses more than $1 trillion in intellectual property in 2008, the report offers a framework for how companies can better organize themselves to address these threats, which can result in public relations crises and major data breaches.

One of the report's central points is that effective cybersecurity requires effort beyond the IT department, which is not seen as a growth area for companies and is often underfunded. "If anyone still thinks IT is going to solve the problem: ain't gonna happen," said Joe Buonomo, president and CEO of Direct Computer Resources, among the industry and government stakeholders that helped develop the report. The report suggests that cybersecurity concerns should be handled at the top levels of corporate structure, drawing in the board of directors.

The report also urged companies to think of cybersecurity as a financial problem that should be addressed by companies' chief financial officers.nextgov.com

No comments:

Post a Comment