Famous rock drummer Neil Peart, from the band Rush, once wrote “Time after time we lose sight of the way our causes can’t see their effects.” It’s how the world works. Again and again, year after year, we see people making the same mistakes. Rather than learning from our mistakes and vowing to do things differently moving forward, we often pretend that nothing ever happened in the first place. After all, it’s easier to ignore life’s challenges. Fully acknowledging the issues before us requires work, and many people just aren’t up for that.
This scenario plays out in all facets of life – from our health to personal finance and practically everything imaginable that defines us as human beings. It’s also pervasive throughout business in terms of IT and information security. In fact, I see many security programs that look great on the outside but are hollow, even rotten, on the inside. Yet no one seems to notice it or is willing to step up to the plate and stand for what’s right. And many businesses wonder why they keep getting hit! The following are what I believe to be core reasons that information security programs fail time and time again:
Of course, every situation is different and many of these may not apply to you – but there are also plenty of other reasons for information security program failures that I didn’t list. Regardless, you should take note and keep these issues on your radar. I see these all the time. Better yet, make them your list of what not to do this year – sort of your anti-goals. If any one of these items takes hold, grows, and sticks around, it’s almost guaranteed that your information security program will be an uphill battle and will likely never mature. Do your part, and coach others as well, to do what needs to be done to right this oh-so-critical ship.
Help us learn more about the core reasons why information security programs fail by taking the survey below: