This entry is part 7 of 9 in the series CEO-to-CEO

JPMorgan Chase CEO Jamie Dimon recently stated that he expects the bank’s annual IT security budget to double from $250 million to $500 million over the next five years in the wake of its massive data breach, which impacted 76 million households and 7 million small businesses (see: Chase’s Cybersecurity Budget to Double).

I expect those numbers make most CEOs gasp!  Most CIOs or CISOs would beg to have pennies on each of those dollars in their budgets.

Whether your organization’s annual IT security budget is $25,000, $250,000, $2.5 million or an extraordinary $250 million or more, a fundamental issue exists in most organizations…

Are you spot welding your IT security?

Very little order, process or discipline exists around IT security expenditures.  Most organizations have been forced into an operating mode that is tactical and looks like spot welding.  Few organizations have formally established, implemented and continued to mature their information risk management processes.  Has yours?

No matter how large your budget may be, on what basis are information risk management expenditure decisions being made?  The ol’ annual budget process, usually based on the loudest vendors’ scare tactics?  OR, does your organization conduct rigorous and bona fide risk analysis to understand and prioritize exposures and then use this ‘risk register’ as the basis for informed risk management decisions?

CEOs: the buck stops with you!

As I have suggested many times before… CEOs, you need to lead in this critically important matter.  The financial, operational, legal, regulatory, reputational and, therefore, strategic risks are game changers for leaders, their people, their customers and all their other stakeholders.

We can assist you!

In our recently published white paper, we introduced the Clearwater Information Risk Management Capability Advancement Model™ (IRMCAM™) White Paper and self-assessment tool for immediate adoption to assist organizations in building an efficient and effective information risk management program best suited to their unique needs.

Privacy, Security and Compliance Risk Management Resources Available to You

Clearwater Compliance offers best-in-class HIPAA-HITECH Privacy, Security and Breach Notification software and services. Our years of direct front-line, real-world experience with deep privacy and security skill-sets will help you assess and implement the required people, process and technology controls cost-effectively.

Please avail yourself of any of these free resources which you may access now by clicking on the links below:

Register for one of Clearwater’s complimentary webinars on information risk analysis and risk management basics and get to grips with these issues and more.


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.