A lack of IT awareness in the boardroom is hindering the uptake of forward-thinking security measures in Australian companies.
Patrick Teh, CIO of Hoyts Cinemas, said it is hard to get money from the board for IT initiatives. However, he said many IT managers are at fault as they do not articulate the intelligent benefits of security implementations.
"The board is always interested in the bottom line and security is far from their minds. I think one way IT managers can alleviate this problem is to paint a scenario to the board of what can happen if the dollars are not invested and back this up with case studies, rather than state the benefits of security."
Orica Australia CIO Philip Nesci agrees that the initiatives must be presented as a business case to the board, and then "it will be viewed as any other investment".
Terrie Anderson, Australia and New Zealand regional director for RSA Security, said there has to be an awareness at boardroom level for private enterprise to spend money [on public key infrastructure (PKI)].
"I talk to a lot of CIOs who are very aware and want to do things but can't get funding for them, and that's the problem. Board members are not necessarily being complacent, they just don't understand. They don't understand the power of what this gives them or gives the business."
President and CEO for RSA Security, Arthur Coviello, believes a "big difference between interest and action" is at the heart of the apparent lack of response from boards on security issues.
Anderson said she still talks to a lot of board directors who say things like 'we shouldn't have PCs connected to the Internet', which is "a bit scary, but it is the reality".
"I think we need to have a greater IT presence [on the board]. In the US this is starting to happen, but it is not happening here. Our typical company director here, a non-executive director, is still a lawyer, an accountant; that is the background that they are still coming from," Anderson said.
Teh believes the reason for a lack of IT presence on boards is the fault of the IT industry itself.
"The IT industry does not have a good name as we often over-promise and under-deliver. I think we need to change our culture, not build walls or hide behind 'IT talk'. We must prove that we are a value partner by gaining credibility."
Another reason it will be hard for IT professionals to gain a seat on the board is that the "IT profession is still in its infancy," Teh said. "Lawyers and accountants are old, traditional and entrenched careers within society. The IT profession will never mature as we are constantly evolving."
Nesci said it would be desirable to have IT expertise at various levels of the executive team, and that this would become increasingly important in the new economy.