As we interact with CxO’s in the Industry and try to capture the mindset as they implement IT Security initiatives as a foundation to digitalization, we find a varied state of maturity levels.
Some of these are listed below and you may find that you are either going through the same predicaments or have gone through them, personally or with a colleague, at some stage during progression :
We have captured the following taglines :
We have had no Security Threats and we don’t see it impacting us either.
There’s no point spending money or allocating budget on something that is highly unlikely .
Our CIO’s/CISO’s are unable to quantify the ROI in business terms.
Our CFO or CMO see IT Security as a completely nonvalue add activity. Security poses the same level of risk as any other, to the business hence does not require additional focus.
Everyone in the management team feels that IT security is merely a marketing gimmick .
We have spent enough to bolster the infrastructure (deployed, firewalls, End point protection etc) hence there’s nothing else to do from the security perspective.
Few think, that talking about IT security concerns without actually implementing anything significant is good enough for company’s image and that will chase the attackers away.
We have nothing to lose in a security incident scenario as we don’t have any valuable information.
We have very good intent and surely we will take action when right time comes. And RIGHT TI ME does not come for years together till breach happens.
We are a manufacturing company , IT security risks are for Banking and Tech companies not for us to really worry about.
Yes, we are very much concerned about it, they say. ( but actually keep analyzing to find short-cuts as a way out)
We are very much on target, we have deployed IT security Strategy that is revisited every quarter , we do compliance audits, we conduct third party audits for the entire IT landscape periodically, our code deployment passes through security scans, we run the scan cycles for server, network, firewall, endpoints, database, applications and take timely mitigating actions.
Before reaching to a matured state as in 12, everyone has graduated through one or many stages of ‘knowledgeable yet ignorant’ mindset that we have observed.
DoyenGC-ApON adds value no matter the state or maturity model your company is at, through direct consulting and/or creating awareness even outside of any formal engagements, to facilitate and partner in your success.
Our CIO advisory is one of the best value add service that exists. Our CX program is renowned and has received many national and international accolades.
Please indicate a convenient time so that we can help build your success story.