IT Security is your Business Security
"How is it secure?" That question is being asked less and less by business leaders when making the decisions about technology. The prevalent assumption is that secure vs. insecure is a simple yes or no state, you either have it or you don't. This has become more widespread by vendors selling security products. The unfortunate part about this trend is that security is not a product, it is a process, which many organizations today are lacking.
Almost all businesses have the majority of their critical business information such as accounting , operations, design documents, customer lists stored electronically. What would happen if those documents fell into the hands of a competitor? Would they be able to usurp your competitive advantage? Or go after your customers? A significant amount of targeted security breeches are funded by organized crime or foreign states. How about being on the receiving end of Blackmail, or a Protection Racket?
The next time you see the annual line-item for IT Security Testing or IT Security Audit in the budget, replace "IT" with "Business" and re-evaluate whether that prevention is worth protecting the integrity, availability, and confidentiality of your business.