Boards should be encouraged to spend on security by treating it as an investment in the brand, and not just a cost of doing business, as it is currently more commonly viewed.
That's the view of Darren Argyle, global CISO at financial services firm Markit, speaking at Trend Micro's CloudSec 2016 event in London recently.
"We all know security is seen by boards as a cost of doing business. I sell it as an investment in the brand, and protection of the investments they've already made. Then they'll view it very differently," he said.
Argyle also recommended comparing security spend and maturity against industry competitors as one method of proving return on investment, traditionally a thorny area for security professionals.
"Boards are always interested in benchmarking. They want to know how they're doing compared to their competitors. Are they spending more or less? So demonstrate that in your benchmarking, or by providing a maturity assessment to that board. That should help with proving value," said Argyle.
Also speaking at the event was Troels Oerting, global CISO at Barclays, who explained that applications today need to be secure and intuitive to use.
"When I arrived at Barclays we already had 13,000 developers. In banking, applications sell products, not the other way round, so any road to a successful digital future leads through security," he said.
"Applications need to offer privacy and security and be convenient. In the old days we developed then penetration tested, then it was released. Now security is built in by design in development."
Oerting also advised firms to invest in intelligence in order to better understand the threats of the future, so that they can plan now for the protection they'll need in the coming months and years.
"I'm not interested in what's hitting me now, but what will hit me in the future. We invested in intelligence, otherwise I'm investing in the past and the criminals are busy finding new ways to attack me," he said.
The new processors support Intel's Optane memory acceleration technology
Blockchain's killer app is bitcoin, the rest is mostly 'pure marketing', says MaidSafe's David Irvine
Blockchains are not suited to many of the data security purposes being put forward for them
Applications from some member states were down more than 40 per cent
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.