A few months ago, I sat around a breakfast table with the CEOs of several security organizations. Joining us was Richard Clarke, then the cybersecurity czar for the White House.After Clarke’s comments, the business executives peppered him with questions. One caught my attention: How could the industry create an event similar to Y2K that would encourage CIOs to invest in security products?I proposed an idea. Let’s create the IT security equivalent of the well-known Underwriters Laboratories. We can call it Security Underwriters Laboratories. With eyebrows raised, several at the table thought the idea had merit.During the following weeks, I talked about the idea with CIOs, CSOs and the management team at Underwriters Laboratories. Here’s what we propose to create: The Security Underwriters Laboratories (SUL) would be set up as a nonprofit organization funded by end user companies?not vendors. The goal would be to certify that a business has governance policies and technical infrastructure procedures in place to make that business a more secure company. Upon getting certification, a business would earn an SUL medallion that would last for three years.Yes, there are standards such as ISO 17799 already in place. But many people I spoke with claimed the process to apply for and earn that standard is too complicated and takes too much time. Something simpler is needed. One CIO who works for an insurance company posed an interesting possibility. Might the insurance industry write lower premiums for companies with SUL accreditation? The jury is still out on that. Another IT executive employed by a large financial services company suggested SUL accreditation levels should be allocated like Standard & Poor’s ratings. A “triple A” SUL medallion would be higher than a “double A” and so on.If SUL is to become a reality, ongoing operational budgets must be supported by fees from businesses seeking accreditation. Most people I spoke with felt security vendors could play an important role early on by getting SUL off the ground. But after that, vendors should recede to the sidelines.What’s your take? Could SUL become a reality? Do you see value in such an approach? Send me your comments, and I will use them in an upcoming column. Related content news Emirates NBD drives sustainability goals with Microsoft partnership By Andrea Benito Dec 10, 2023 2 mins CIO news COP28: How Du and Ericsson's partnership is supporting UAE Net Zero Strategy By Andrea Benito Dec 10, 2023 3 mins CIO Green IT brandpost Sponsored by Freshworks When your AI chatbots mess up AI ‘hallucinations’ present significant business risks, but new types of guardrails can keep them from doing serious damage By Paul Gillin Dec 08, 2023 4 mins Generative AI brandpost Sponsored by Dell New research: How IT leaders drive business benefits by accelerating device refresh strategies Security leaders have particular concerns that older devices are more vulnerable to increasingly sophisticated cyber attacks. By Laura McEwan Dec 08, 2023 3 mins Infrastructure Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe