Report: High-level support for IT security often lacking

Executives involved in security and risk management face challenges in winning support for initiatives to improve security, according to a new report from the Conference Board, sponsored by the Homeland Security Department.

The report, "Navigating Risk: The Business Case for Security," is based on a survey of 213 senior corporate executives not specifically responsible for security. It was intended to gauge the influence of security managers ? including security directors, CIOs, risk managers and compliance officers ? among senior executives.

"Security directors appear to be politically isolated within their companies," Thomas Cavanagh, author of the report, said in a press release. "They face a challenging search for allies when they need to gain support from upper management for new security initiatives."

Among the companies surveyed, those most concerned about security are in critical infrastructure industries such as energy, utilities, chemicals and transportation, along with large, multinational and publicly traded companies.

The most effective alignments of company security operations with business objections were in the areas of compliance with government regulations, cited by 79 percent; maintaining business continuity and customer safety, 71 percent; limiting financial risk, 62 percent; and defending against litigation, 60 percent, the report said.

However, only 35 percent of the executives surveyed saw security objectives contributing to pursuing new business; 36 percent, for supply chain management; and 44 percent, for enhancing the value of the brand.

"These results are perhaps surprising and a bit disappointing, since they suggest that security remains a function that is mired in operations in the eyes of senior executives," Cavanagh said.