A few months ago, I sat around a breakfast table with the CEOs of several security organizations. Joining us was Richard Clarke, then the cybersecurity czar for the White House.After Clarke’s comments, the business executives peppered him with questions. One caught my attention: How could the industry create an event similar to Y2K that would encourage CIOs to invest in security products?I proposed an idea. Let’s create the IT security equivalent of the well-known Underwriters Laboratories. We can call it Security Underwriters Laboratories. With eyebrows raised, several at the table thought the idea had merit.During the following weeks, I talked about the idea with CIOs, CSOs and the management team at Underwriters Laboratories. Here’s what we propose to create: The Security Underwriters Laboratories (SUL) would be set up as a nonprofit organization funded by end user companies?not vendors. The goal would be to certify that a business has governance policies and technical infrastructure procedures in place to make that business a more secure company. Upon getting certification, a business would earn an SUL medallion that would last for three years.Yes, there are standards such as ISO 17799 already in place. But many people I spoke with claimed the process to apply for and earn that standard is too complicated and takes too much time. Something simpler is needed. One CIO who works for an insurance company posed an interesting possibility. Might the insurance industry write lower premiums for companies with SUL accreditation? The jury is still out on that. Another IT executive employed by a large financial services company suggested SUL accreditation levels should be allocated like Standard & Poor’s ratings. A “triple A” SUL medallion would be higher than a “double A” and so on.If SUL is to become a reality, ongoing operational budgets must be supported by fees from businesses seeking accreditation. Most people I spoke with felt security vendors could play an important role early on by getting SUL off the ground. But after that, vendors should recede to the sidelines.What’s your take? Could SUL become a reality? Do you see value in such an approach? Send me your comments, and I will use them in an upcoming column. Related content feature Expedia poised to take flight with generative AI CTO Rathi Murthy sees the online travel service’s vast troves of data and AI expertise fueling a two-pronged transformation strategy aimed at growing the company by bringing more of the travel industry online. By Paula Rooney Jun 02, 2023 7 mins Travel and Hospitality Industry Digital Transformation Artificial Intelligence case study Deoleo doubles down on sustainability through digital transformation The Spanish multinational olive oil processing company is immersed in a digital transformation journey to achieve operational efficiency and contribute to the company's sustainability strategy. By Nuria Cordon Jun 02, 2023 6 mins CIO Supply Chain Digital Transformation brandpost Resilient data backup and recovery is critical to enterprise success As global data volumes rise, business must prioritize their resiliency strategies. By Neal Weinberg Jun 01, 2023 4 mins Security brandpost Democratizing HPC with multicloud to accelerate engineering innovations Cloud for HPC is facilitating broader access to high performance computing and accelerating innovations and opportunities for all types of organizations. By Tanya O'Hara Jun 01, 2023 6 mins Multi Cloud Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe