The beginning of a new year should mean that your IT security staff is re-evaluating your company's status, running checks, probing the defenses, maybe even submitting a new budget. And in a surprising trend, according to Forrester Research in a report published on January 25, “...many senior business and IT leaders are asking CISOs to better support and align with the business and IT objectives, requesting regular interactions and updates from security teams.”

CEOs are taking a greater interest in security because they are becoming more and more aware of just how much it can affect their companies. Too many executives still think of IT security in the same terms as they think of insurance: it's there for when you need it, for when someone runs into your car or for when you have to visit the doctor. When it's out of sight, it's out of mind.

Unfortunately, this is exactly the kind of mentality that leads to headlines where national companies make front-page news for their shortcomings, and this is one kind of publicity that everyone can agree is not good publicity. As an IT or software CEO, your most important resource is your information. It is the backbone of your company, the reason your company exists at all. And that needs to be protected.

New and breakthrough technologies are a big security issue, and one you should touch base with your CISO about. According to a survey of network and system administrators published by Amplitude Research in April of 2010, 58% of those surveyed felt that social networking at work was a major or extreme security concern. The cloud, while it presents exciting new technology opportunities, is also a big source of stress to security officers. In fact, in a Switched.com article, also in April of 2010, Chris Drake, CEO and founder of FireHost, a secure web hosting company, was quoted as saying, “The cloud has knocked us back to the stone age of security.”

A high-level white hat at Microsoft, however, sees the encouraging side of the issue. “Last year (2010) marked a milestone: 100 gigs per second for DDoS (distributed denial of service) attacks. Point that hose at a legacy setup, and it will go down. Point it at the cloud and a node will drop, but it won't die. The biggest thing going on in IT security right now is self-healing in distributed cloud computing.” This specific issue caused recent news lightning rod Wikileaks to move their resources to Amazon's EC2 cloud service last December.

These new concerns are on top of standard security concerns, like bugs, vulnerabilities, and secure remote access, which network admins cite as the number one cause of lack of sleep for four years running.

The last few years showed the vulnerability of the banking and financial industries when the community at large lost faith. If an IT company loses the faith of the public, who will want to continue doing business with it? This also translates to shareholders, who will sell their stock if a company can’t handle its security. This can have a direct impact on short- and long-term company value.

Today’s CEO can no longer afford to think of security as insurance. When companies like Google get hacked and it makes international news, when companies like Bank of America or Citi Corp inadvertently provide social security numbers or other confidential customer data, the time has passed to pretend that security isn't a vital, daily concern. Think of your security team less as insurance and more as a flu shot. It helps you keep doing your job even when those around you are dropping like flies.