You’d think that the increase in the number of breaches and their financial impact would increasingly make security a boardroom topic. Nothing could be further from the truth. For the past decade, we’ve closely researched the Indian enterprise infosecurity landscape and it’s fascinating facts—an average of 2,800 attacks daily in 2014; 22 percent of breaches caused by organized crime groups; attacks on financial organizations doubling across the last year.You’d think that the increase in the number of breaches and their financial impact would increasingly make security a boardroom topic. And, that organizations would have moved or be moving from a perimeter-obsessed security focus to one that is about managing cyber-risk holistically.Nothing could be further from the truth. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe If security were viewed strategically, then why have the numbers of CSOs in India shrunk year on year over the past decade, even as the number of CISOs has concurrently risen? If awareness is on the increase and managements are more concerned then why has security spending actually declined by 17 percent across 2013 and 2014?The latter clearly points to the struggles that organizations go through to determine optimal levels of security spend and the RoI of the outlay. Which brings me to the former issue. The reason that security is seldom sold to management as a business enabler is about how much protection business really believes it requires.If the considered belief is that Black Swan events are like acts of God, uncertain and unpredictable, which organization will pony up the funds? Explain that to the Gujarat and Haryana electricity boards which came across the weaponized Stuxnet worm, as did an offshore rig of ONGC.Most organizations tend to look at security either tactically or reactively. So, only so much is put in place to tackle hygiene till a breach occurs, when all hell breaks lose till systems and processes are put in place to avoid a recurrence.That’s what the rising CISO numbers reflect. A Tactical outlook. An outlook that doesn’t look to mitigate enterprise risk; just to paper over it.Given how much your organizations have to lose, from a financial and reputational perspective, isn’t it time to change the internal conversation? Otherwise harnessing the technologies that promise digital differentiation can lead to digital doom.What do you feel? Related content feature The year’s top 10 enterprise AI trends — so far In 2022, the big AI story was the technology emerging from research labs and proofs-of-concept, to it being deployed throughout enterprises to get business value. This year started out about the same, with slightly better ML algorithms and improved d By Maria Korolov Sep 21, 2023 16 mins Machine Learning Machine Learning Artificial Intelligence opinion 6 deadly sins of enterprise architecture EA is a complex endeavor made all the more challenging by the mistakes we enterprise architects can’t help but keep making — all in an honest effort to keep the enterprise humming. By Peter Wayner Sep 21, 2023 9 mins Enterprise Architecture IT Strategy Software Development opinion CIOs worry about Gen AI – for all the right reasons Generative AI is poised to be the most consequential information technology of the decade. Plenty of promise. But expect novel new challenges to your enterprise data platform. By Mike Feibus Sep 20, 2023 7 mins CIO Generative AI Artificial Intelligence brandpost How Zero Trust can help align the CIO and CISO By Jaye Tillson, Field CTO at HPE Aruba Networking Sep 20, 2023 4 mins Zero Trust Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe