Nearly 45 percent of companies have put a senior manager in charge of computer security -- up just a bit from a year and a half ago, according to a survey sponsored by a pair of industry groups.
The Business Software Alliance and Information Systems Security Association last week released results of their Information Security Survey, a Web poll of 850 worldwide members of ISSA conducted in December and January. According to the survey, 44 percent of companies said a member of senior management is responsible for IT security, up from 39 percent in October 2003. BSA, a consortium of 25 software companies that includes Cisco Systems, IBM and Microsoft, supports enforcement of copyright and software-counterfeiting laws.
Among other findings: Seventy-eight percent of companies have a formal information-security program, 90 percent have an information-security officer and 55 percent have a chief privacy officer.
What the survey observes of the business world in general is also true of the insurance industry and financial services in general, according to Matthew Josefowicz, a New York-based analyst with Celent Communications. Within the industry, "There have certainly been more CISOs [chief information security officers] and CSOs [chief security officers] appointed over the past couple of years," Josefowicz says.
With or without such appointments, security is getting more attention at financial services companies, Josefowicz emphasizes. "The industry probably starts out a little ahead of the curve in security because it deals with regulation and sensitive data, but like other industries, it is increasing its security focus," he asserts.
Josefowicz says reasons for the increased concern include an awareness of the increasing complexity of infrastructures -- which creates a greater management challenge -- as well as greater openness of the enterprise to various external stakeholders via the Web channel. Security awareness always involves a priorities struggle, he adds. "It takes effort to keep security on the front burner because other line productivity issues tend to take precedence, but it is definitely a top-level concern for CIOs in insurance and financial services generally," Josefowicz says.