In 2007, I worked as a Chief Information Security Officer (CISO) for a $2B corporation in the automotive sector. Having discovered a number of serious security vulnerabilities in my company’s systems, I was preparing to implement enhancements that were important for the future of the business.
Like most things in life, these enhancements would cost money, so I prepared to take this request for funds to the executive team. I sat with my CFO, feeling confident that he would recognize the importance of protecting their business against cyber-attack. I still remember sitting in the executive’s office, sun shining through the large windows, as the CFO responded “while cybersecurity is a nice thing, at the end of the day, we need to sell more tires.”
Despite justifying my request with a solid business case, the CFO wouldn’t approve any funding to protect the personal and credit card data in the company’s IT systems. This was a pivotal point in my career that stunned me.
Today, boardrooms are more aware of the importance of information security, partly as a result of the increasing cost of hacking attacks, which cost on average $2.6 million per incident.
As a CISO with GlobalDataLock.com & Board Advisor, I still come across complacency. Many executives feel they are not interesting enough for hackers to even care about the company and if something happens, they have insurance. It floors me to still see the attitudes from 10 years ago to today.
Travel executives must put this complacency behind them and start looking at security as a lever for revenue growth, as outlined in Amadeus’ Safeguarding information systems whitepaper.