Forrester Consulting just put out a report that I found interesting. According to Forrester, chief information security officers (CISOs) face increasing demands from their business units, regulators, and business partners to safeguard their information assets. Security programs protect two types of data: secrets that confer long-term competitive advantage and custodial data assets that they are compelled to protect. Secrets include product plans, earnings forecasts, and trade secrets; custodial data includes customer, medical, and payment card information that becomes “toxic” when spilled or stolen. Forrester found that enterprises are overly focused on compliance and not focused enough on protecting their secrets. Forrester’s key findings are the following:
- Secrets comprise two-thirds of the value of firms’ information portfolios.
- Compliance, not security, drives security budgets.
- Firms focus on preventing accidents, but theft is where the money is.
- The more valuable a firm’s information, the more incidents it will have.
- CISOs do not know how effective their security controls actually are.
Download the report to get the details.