Can security pros become champions for trust in their organizations? A recent study conducted by Ponemon Institute and sponsored by Unisys revealed that IT security professionals -- unlike their colleagues in non-IT business functions -- believe that strengthening the security of sensitive data is critical to building trusted relationships with customers, employees, investors, and other constituents.
The Trusted Enterprise Survey was conducted to understand what business leaders and IT security professionals believe are essential elements of a trusted enterprise. The survey provides an objective measure, called the Trusted Enterprise Index, of how these opinion leaders and the public view an organization's trustworthiness for providing a safe and secure operating environment for its key constituents.
Among IT security pros and business leaders, the top five attributes for building trust are customer satisfaction, leadership, fiscal management, quality, and respect for customers. Both groups believe unethical business practices, customer dissatisfaction, a lack of respect for employees and customers, and poor leadership erode trust in an organization.
However, business leaders place a higher value on risk management and good corporate governance practices to build trust. IT leaders, on the other hand, believe that inadequate intellectual property protection, weak privacy, and undependable IT will erode trust. About 20 percent of IT executives believe there is no visible support from senior executives for IT security and privacy issues.
As a result, one in three respondents do not trust their company's ability to handle sensitive information, and either aren't sure or don't believe they're trusted by most of their business partners. Obviously, this has a large impact on a company's ability to effectively secure the enterprise. Many businesses are placing themselves at risk by ignoring the importance of securing their data handling processes to avoid a breach that could damage important relationships.
One important reason why business leaders don't place a higher value on protection of personal data, safeguarding intellectual property, and a secure operating environment is that many companies do very little to measure the importance of these activities to the success of their organizations. In contrast, IT security professionals are closer to the issue and are often held accountable when a problem occurs.
While our respondents generally agree that trust is vital to the success of any organization, many organizations are not doing enough to create trusted relationships with their key stakeholders. Specifically, 53 percent recognize that privacy protections build trust, and more than 73 percent believe that not protecting personal information erodes trust. However, more than one third of U.S. organizations have not assigned someone with overall accountability for protecting the organization's reputation as a trusted enterprise.
Companies should pay more attention to the security factors that can make or break their reputation. Further, by ignoring these factors, they risk damaging relationships with customers, employees, investors, and other stakeholders.
Larry Ponemon is founder and CEO of Ponemon Institute LLC. Special to Dark Reading.