How agencies' security efforts can drive economic growth
- By Dan Chenok, John Lainhart
- Aug 06, 2014
Understanding the link between cybersecurity, physical assets and economic growth can help the government design an approach that provides both IT and economic security. A cyber incident can have physical impacts, while a physical incident can have cyber implications -- and both are likely to come with economic costs.
To foster a climate in which cyber and physical assets foster economic vitality, both risks must be addressed and technology must be seen as a key player in economic development.
A security breach can have devastating economic effects and hinder the public's ability to receive the services it needs. In a 2014 Ponemon Institute study on the economic consequences of advanced persistent threat attacks, the majority of organizations surveyed said targeted attacks are the greatest threat, costing them on average $9.4 million in brand equity alone.
And the costs of those breaches continue to rise. According to Ponemon's 2014 U.S. Cost of a Data Breach Study, the organizational cost of data breaches has increased from $5.4 million to $5.9 million.
The ability to attract companies that drive economic and job growth might be affected should businesses hesitate to choose a location that has not protected its data from hackers. And people might avoid living and working in a region that loses its ability to provide services to constituents because of an inability to protect physical assets, such as automated water or electrical systems, from a cyberattack by hostile actors.
The connection between economic vitality and security is a critical consideration for government at all levels. Long-term, sustainable economic vitality is dependent on individuals' and businesses' use of technology to accelerate productivity. Yet greater use of technology also increases risk. The threat of data breaches, hacking attacks and loss of information increases in a way that could hinder economic growth, opportunity and stability. Accordingly, governments must focus on how to prevent both inadvertent and deliberate security risks.
To accomplish that objective, government agencies can adapt and incorporate security intelligence in their physical and cybersecurity solutions to help drive economic security and vitality. Security intelligence uses real-time data, advanced analytics and expert analysis to predict, identify and react to potential threats. Security intelligence goes far beyond the normal limits of IT security by automatically monitoring, analyzing and prioritizing an organization's risk landscape.
Sophisticated correlation and analytics, advanced threat analysis and continuous monitoring proactively highlight risks, helping to identify, track and address threats throughout an organization. Organizations with security intelligence are less likely to have a security breach and are better able to reduce remediation costs should a data breach occur.
To integrate security intelligence and drive economic vitality, agencies must develop a comprehensive, balanced strategy that includes all departments, missions and program owners. Building security intelligence starts by taking three important steps:
- Get informed. Take a structured approach to assessing business and IT risks.
- Get aligned. Implement and enforce security excellence throughout the organizations, divisions, departments and agencies of local, municipal, regional and national governments.
- Get smart. Use analytics to proactively highlight risks and identify, monitor and address threats.
With that approach, government can collaborate with industry to create a strong infrastructure and provide the foundation for delivering critical services and increasing trust and investment in an economy. And with that trust and investment comes growth, so holistically addressing security threats has a significant impact on the ability of agencies to deliver on their missions and contribute to the economy.
The ability to deliver on key public-sector missions in turn affects the economic prosperity of cities, states, regions and even nations. And as threats become more sophisticated and new technologies emerge, government organizations must get smarter about IT security. Those that have adopted security intelligence can meet evolving security and economic challenges in a way that enables mission and economic results.
By beginning with those three steps, government leaders can have a better understanding of where their organization stands, devise a customized plan and bring together business insight, advanced research and technology for a secure position that enables and encourages economic development, growth and vitality.
More on this topic is available in a related IBM white paper.
Dan Chenok is executive director of the IBM Center for the Business of Government, and a 2010 Federal 100 winner.
John Lainhart leads IBM's Public Sector Cybersecurity and Privacy Services.