Since 2005 I have been an Information Security consultant, and today I consult and coach security executives on strategy, compliance, messaging, and teams. So today I am going to talk about something that is critical to any organizational leader: information security. More specifically, the myth that security equates to insurance.
Many people in the security industry have used the insurance analogy for a very long time to explain the importance of security to an executive or client who asks, “Why do I need security? It’s expensive, and nothing has happened to my network; my company’s data is fine.”
The usual response has been, “For the same reason you need car insurance or medical insurance: you never know when there will be a problem.” Using a real-world situation to explain something that is not always clear makes sense, but this particular analogy is wrong.
The reason it is not a good analogy is that security is not insurance. Insurance attempts to make you whole again after a loss. It is there to replace your car, rebuild your house, replace lost or stolen items, or help you regain your health. Security, on the other hand, does not make you whole; once your data is stolen, your network breached, or your systems locked up with ransomware, it is not security that will make you whole again. There is insurance (cyber insurance) you can purchase for the day the attacker on the other end of the phone says, “We want 20 million dollars to unlock your systems,” but that is insurance, not security.
If we are going to use analogies, then security is your force protection; it is proactive. You know the guys (or gals) at the perimeter with the big guns who are going to keep the bad guys (or gals) out in the first place. When I used to work at the Pentagon, there were armed guards with very big guns making sure only the people with the proper access could enter the building. Then there were locked doors within the building that could only be accessed by another, smaller group of people. That is security! We don’t call them insurance guards; we call them security guards (or in this case, military police).
The same is true for access to your computer systems, network, and data. Your Information Security or Cyber Security team (whichever term you use) is your armed guard: it is their responsibility to keep the bad actors out, to monitor for intrusions, and to react if or when a breach is observed. If you treat this group as insurance, you are not giving them the level of importance they deserve, the funding they need, or the authority they require.
For small organizations, you might think, “Who wants my data? I’m fine until we get bigger; the hackers are out there looking for the big guys to steal from.” That is not true at all. Think of the burglar who moves on to the next house when they see the ADT sign in your neighbor’s yard. If your neighbors are the bigger companies with the fancy security and armed guards, it is your network the hackers go after, because they know it will be easier.
But you want to say, “I don’t have anything worth taking,” and that might be true at the data level; you still have something worth taking. It is your computing resources, your connections to other networks, and the fertile playground you are giving attackers to practice their craft. By leaving your network unprotected, you are allowing hackers to practice, to find vulnerabilities and techniques they can use against other networks, and to use your network as a staging point to launch attacks on other organizations.
I am writing this so that we can stop equating security with insurance. Stop looking at this as a cost and start looking at it as a responsibility. You are not only protecting your data, your employees, and your customers; you are also protecting other organizations by putting the guards up around yours.
If you do not have a security team or strategy, don’t worry. It’s not too late and it does not have to be scary. There are lots of great consultants out there who can help. As a 12-year veteran of the information security and compliance space, I invite you to send me an email at sharon@c-suiteresults.com or reach out via LinkedIn https://www.linkedin.com/in/smithsharonj/ to ask any questions you might have on this topic.
You are a successful CEO, passionate about the continued growth and health of your organization.
Because you are responsible for the strategy and success of your organization, you are losing sleep over the continual reports of security breaches, stolen data, and ransomware. It appears that no one is safe anymore.
But all the terminology and acronyms (e.g., cloud, IoT, BOD, APT, IAM, IDS, pen test, malware, ransomware, identity and access management, patch management, change management, not to mention all the compliance regulations) are overwhelming. That makes sense, because security is not in your wheelhouse, but it is in mine! And I can help you!
WHAT I DO
As a 12-year veteran of the information security, audit, and compliance industry, I understand the technology your organization works with and the challenges you face.
I translate cyber security into business terms for executives who want to implement security but don’t know how. I help create the proper internal messaging and education, and shape the organizational culture needed for sustainable success in security.
Too many people believe that security is an IT problem and that simply throwing budget at the IT department equals security. Instead, I help you paint a full picture of your security posture, the risks associated with it, and the most effective strategy to close the gaps.
Security is not insurance - it is force protection (think of the armed guards in front of a military base). Isn’t it time for you to put the proper protection in place for the long-term health of your organization?
WHAT MAKES ME DIFFERENT
It is rare to find someone with a background that includes in-depth information security knowledge and hands-on experience who also has a business degree and is a Certified Coach. This mix of education and experience equips me to best serve you in creating a long-term, sustainable security culture.
NEXT STEPS
Email me at sharon@c-suiteresults.com or message me via LinkedIn https://www.linkedin.com/in/smithsharonj/