Threat of penalties and fear of reputational damage is motivating CSOs to pursue regulatory compliance

(09/06/2009)

A recent meeting of the UK’s leading enterprise security executives and industry experts at the annual CSO Interchange event in London last week highlighted the increasing challenges they face on a daily basis. A majority (64%) expressed the belief that the task of securing their network is more difficult today than a year ago. Just 7% thought it was easier and 28% felt it was the same as a year ago.

Regulation and compliance was one of many hotly debated topics amongst the group. An interactive survey revealed that 64% of Chief Security Officers (CSOs) comply with regulatory requirements because of the risk of incurring major penalties, reputational damage and/or the loss of vital licenses to operate. Just 16% claimed to be motivated by a belief that it would improve their risk profile or level of security and 16% claimed that regulations had no real influence at all on their actions.

What’s more a majority (66%) agreed that regulatory requirements were ill defined and left CSOs and organisations at the mercy of expensive consultative interpretation. A further 31% of the group considered existing regulations to be overly complex, burdensome and costly to implement and just 3.4% deemed them to be appropriate, fit for purpose and pragmatic to implement.

The research also revealed that 69% of CSOs felt that additional regulatory practices would most likely prove a positive distraction and hindrance to more effective risk management. Summarising the round table discussions among delegates on this subject, Marcus Alldrick, CISO of Lloyd's and a moderator for the round table on compliance added: “The predominant feeling of the group was that regulations were increasingly becoming prescriptive with the end customer specifically in mind, rather than principle based with organizations incorporating them in their business models. The group also commented on the resulting increased level of complexity for organizations operating across national boundaries where different regulations applied, which made the CSO job particularly difficult.”

The CSO Interchange event uses an interactive format and roundtable sessions to enable security executives and industry experts to discuss topical issues amongst peers and colleagues in an independent high-level forum. This year’s event also included a roundtable to discuss virtualisation and risk. It discovered that 73% of CSOs already have a virtual network in place with a further 15% in the testing and planning stage of deployment, although discussions indicated that securing these virtualised networks still posed significant challenges.

Qualys CEO and founder of CSO Interchange Philippe Courtot commented, “The discussions once again highlighted the difficult and complex role of the CSO: fighting organised crime, dealing with limited budget, educating users, responding to the business need for more third party interaction - which naturally increases security risks - and having to ensure that corporations answer regulatory requirements. Our job as a security vendor is to help CSOs meet these challenges in the most effective way possible.”

Related topics:  Legislation   Security management and policies 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources