Boards should be encouraged to spend on security by treating it as an investment in the brand rather than just a cost of doing business, which is how it is more commonly viewed today.
That's the view of Darren Argyle, global CISO at financial services firm Markit, speaking at Trend Micro's CloudSec 2016 event in London recently.
"We all know security is seen by boards as a cost of doing business. I sell it as an investment in the brand, and protection of the investments they've already made. Then they'll view it very differently," he said.
Argyle also recommended comparing security spend and maturity against industry competitors as one method of proving return on investment, traditionally a thorny area for security professionals.
"Boards are always interested in benchmarking. They want to know how they're doing compared to their competitors. Are they spending more or less? So demonstrate that in your benchmarking, or by providing a maturity assessment to that board. That should help with proving value," said Argyle.
Also speaking at the event was Troels Oerting, global CISO at Barclays, who explained that applications today need to be secure and intuitive to use.
"When I arrived at Barclays we already had 13,000 developers. In banking, applications sell products, not the other way round, so any road to a successful digital future leads through security," he said.
"Applications need to offer privacy and security and be convenient. In the old days we developed then penetration tested, then it was released. Now security is built in by design in development."
Oerting also advised firms to invest in intelligence in order to better understand the threats of the future, so that they can plan now for the protection they'll need in the coming months and years.
"I'm not interested in what's hitting me now, but what will hit me in the future. We invested in intelligence, otherwise I'm investing in the past and the criminals are busy finding new ways to attack me," he said.