Is a security breach the most effective driver of change?


CIO in Education, 1,001 - 5,000 employees
In my world, it's not until an accident happens that the behavior changes. When someone’s financial account gets entirely drained and the rest of the org finds out about it. Or when people find out, not just that their information was stolen, but that it was posted on the dark web. Then it’s, "Oh, I should pay attention to this." I think unfortunately, in some cases, an accident needs to happen for the behavior to change.
VP, Customer and Technical Operations in Software, 501 - 1,000 employees

The key is to actually make good use of an incident so that you can prevent the next one.

CIO in Education, 1,001 - 5,000 employees

 I totally agree!

Director of Information Security in Energy and Utilities, 5,001 - 10,000 employees

Pretty much spot on. I don't think it's industry/sector specific or anything, it's more along the lines of regular human behavior, as being pro-active is not natural for a lot of people (i.e., you are always stuck in reactive mode). Occasionally you do come across orgs and teams that are very pro-active and are actually taking steps to make sure they don't run into issues by addressing security early on and effectively, though it's rare unfortunately.

Global CIO & CISO in Manufacturing, 201 - 500 employees
The best thing is when you can build that business case to show you've got value that you can drive to the business. We need to be compliant with SOX and TISAX, etc., for example. There are a lot of zeros involved in that. Without that business case, every wonderful new tool is going to be really hard to justify. But from an AI or data standpoint, maybe 90-98% of it is all data.
VP, Chief Security & Compliance Officer in Software, 1,001 - 5,000 employees

We're getting ready to do our TISAX again. Last year we responded to over 440 audits and part of the focus is to demonstrate that integrity, but sometimes you don't get that behavior change until the problem occurs.

Senior Information Security Manager in Software, 501 - 1,000 employees
Ask it like this? Is cancer the most effective driver of smoking cessation? No. Research shows that about a third of lung cancer survivors will resume smoking.

As to information security, the most effective driver of change is a company that is proactive with security and understands its benefits.
Director of IT in Software, 201 - 500 employees
It opens the door to implement new technologies and usually increases the security budget. Now how you use the extra budget/approvals for purchase is of utmost importance and directly correlated to your chances of preventing the next breach.
CEO in Services (non-Government), Self-employed
Not always. I'd say when it comes to security specifically, hearing about it from someone trusted who has experienced the event firsthand, it's the risk of a major breach (vs. the aftermath of the breach) that fuels the need for change.
