The War on Spending
Technology executives struggle with security. The problem: they won't know how much to spend on ituntil it's too late.Recent attacks in the West Bank, Riyadh and Casablanca may mean the war on terrorism is far from over. But despite those ominous rumblings, technology executives say they have not increased spending on securing their data networksand are still wrestling with the question of how much to spend.
These are findings of the Project Security: Business Continuity roundtable discussion held May 20 in New York City conducted by Baseline magazine and hosted by Symantec and PricewaterhouseCoopers. The 21 chief information officers and other high-level technology executives participating said a tug-of-war was going on in their heartsand mindsover whether security is the best object of spending in a time of limited budgets.
For now, these technology executives say support from their business-side counterparts is not the issue. If they need more money for a security project they get it. But that commitment frequently comes at the expense of another project.
Still, "if you dont take security seriously across the company, youre doing yourself a disservice," says Roland Voyages, CIO at Commerzbank Capital Markets.
Robert Schnitzer, vice president of infrastructure at mutual fund firm TIAA-CREF, says security is like life insurance; you dont know how much you need until disaster strikes. "Theres been a lot of spending on disaster recovery, but can we all say were prepared for another 9/11?" asks Schnitzer. "You think youre covered, but you never know how much is enough until you get hit."
Technology executives say that so far their higher-ups have been willing to do whatever is necessary to maintain security. But, if there is not another major terrorist attack for two or more years, spending on security could someday be viewed like the spending binge to prepare for the Year 2000 computer glitch. "Did we overprotect for Y2K?" asks Schnitzer. "Well never know."