Instead of the reactive strategy they have now, businesses need to go on the attack to protect themselves from the onslaught of security risks they're facing, new research shows.
A new study from Iowa State University researchers argues that businesses need to change their philosophy for handling cybersecurity issues to a proactive one, so they aren't always reacting to a potential threat or security breach.
Samuel DeMarie, one of the study's authors and an associate professor of management, said companies are not just sitting idly by, but too often those making the decisions about data security lack information technology expertise. He believes there must be more IT expertise at the very top of the corporate ladder.
"The way organizations use information technology is critical to the success of a company," DeMarie said. "If you're not doing it well, it doesn’t matter how great your product or service is, that can be enough to shut down a business."
Making cybersecurity a priority within a firm's operational plans is more than an investment; it’s a shift in the organizational culture, DeMarie said.
"I think a lot of companies just feel like they’ve got it covered," he said. "They hope their IT guys know what they’re doing."
With so much on the line, the researchers suggest many small businesses will be outsourcing their security needs in the future.
"I think, increasingly, that's what we're going to see with organizations moving more of these sensitive operations that are vulnerable to attack to platforms where they can trust a vendor to provide a higher level of security than they would be able to provide themselves," said Brian Mennecke, an associate professor of supply chain and information systems and one of the study's authors.
The researchers believe that in the years to come, businesses will start leveraging their cybersecurity as a competitive edge in attracting and retaining customers and clients.
It actually appears to convey a specific advantage in terms of customer retention and satisfaction with the firm knowing that you have decent security," Anthony Townsend, one of the study's authors and an associate professor of supply chain and information systems. "It's not an afterthought."
The study, "Strategic Information Systems Security: Definition and Theoretical Model," is scheduled to be presented this summer at the Americas Conference on Information Systems.