JPMorgan Chase CEO Jamie Dimon recently stated that he expects the bank’s annual IT security budget to double from $250 million to $500 million over the next five years in the wake of its massive data breach, which impacted 76 million households and 7 million small businesses (see: Chase’s Cybersecurity Budget to Double).
I expect those numbers make most CEOs gasp! Most CIOs or CISOs would beg to have pennies on each of those dollars in their budgets.
Whether your organization’s annual IT security budget is $25,000, $250,000, $2.5 million or an extraordinary $250 million or more, a fundamental issue exists in most organizations…
Are you spot welding your IT security?
Very little order, process or discipline exists around IT security expenditures. Most organizations have been forced into an operating mode that is tactical and looks like spot welding. Few organizations have formally established, implemented and continued to mature their information risk management processes. Has yours?
No matter how large your budget may be, on what basis are information risk management expenditure decisions being made? The ol’ annual budget process, usually based on the loudest vendors’ scare tactics? Or does your organization conduct rigorous and bona fide risk analysis to understand and prioritize exposures and then use this ‘risk register’ as the basis for informed risk management decisions?
CEOs: the buck stops with you!
As I have suggested many times before… CEOs, you need to lead in this critically important matter. The financial, operational, legal, regulatory, reputational and, therefore, strategic risks are game changers for leaders, their people, their customers and all their other stakeholders.
We can assist you!
In our recently published white paper, we introduced the Clearwater Information Risk Management Capability Advancement Model™ (IRMCAM™) and a self-assessment tool for immediate adoption, to assist organizations in building an efficient and effective information risk management program best suited to their unique needs.
Privacy, Security and Compliance Risk Management Resources Available to You
Clearwater Compliance offers best-in-class HIPAA-HITECH Privacy, Security and Breach Notification software and services. Our years of direct front-line, real-world experience with deep privacy and security skill-sets will help you assess and implement the required people, process and technology controls cost-effectively.
Please avail yourself of any of these free resources which you may access now by clicking on the links below:
- Risk Analysis Buyer’s Guide
- Clearwater Compliance White Paper: Risky Business: How to Conduct a Bona Fide HIPAA Security Risk Analysis
- Clearwater Recorded Webinar event entitled How to Conduct a Bona Fide HIPAA Security Risk Analysis
- Clearwater HIPAA Security Risk Analysis™ software DataSheet
- Clearwater HIPAA Security Risk Analysis™ software Free Trial for qualified organizations
- HIPAA HITECH Risk Analysis Resources
Register for one of Clearwater’s complimentary webinars on information risk analysis and risk management basics and get to grips with these issues and more.