Business objectives provide the foundational element for planning, managing, and growing an organization. When we think about business objectives it’s very easy to focus on the obvious elements like supply chain. For organizations that make cars, designers start the process, which is followed by a complex blend of resources including parts suppliers, assembly line workers, financial analysts, engineers, and human resource specialists just to name a few. Surprisingly all of these diverse resources align and “pull” in the same direction when presented a clear and concise set of business objectives.
Everything a car company does is aligned to further the goal of making great vehicles that consumers want to buy. This synergy is how growth and profit happens. In other words, everything is coordinated and aligned to support the business objectives. So how does information security fit into an organizations business objectives?
A common fallacy is that information security does not support business objectives. After all, cyber security doesn’t contribute parts to build a car, nor does it contribute to managing the people and other critical resource. So how does it contribute?
Consider asking the question in a different way, how does a lack of security detract from an organization’s business objectives? Operating a business in the twenty first century requires a complex blend of technology upon which organizations rely to effectively operate the business. The unfortunate reality is that these technologies are vulnerable to a variety of malicious cyber-attacks.
Cyber-attacks have a disruptive impact on business operations that may have damaging long- term implications like supply chain interruptions, production delays, and lost revenue. A proactive approach that includes information security as a foundational component of business operations dramatically reduces the potential impact of cyber-attacks. Just like other areas of the business, information security is an investment, the goal of which is to mitigate risk and make cyber-disruptions both rare and ineffective.
So how does information security become an integral part of business operations and ultimately support business objectives? It really starts with simple planning. Building an information security program is a process that starts with a plan. Starting with an established framework like CIS or ISO provides the building blocks for success. Integrating the given framework into everyday operations will ensure that security is a priority, and if security is a priority, risk to integral business objectives is mitigated.
Does cyber security help a business achieve its goals directly? The answer to this question largely depends on the impact a cyber-attack will have on business. A cyber-disruption can be more devastating than short term revenue loss. Reputational risk has a more far reaching impact that can drive clients away near term and long term.
Avoid the urge to think of information security as a separate component that must be maintained. Think of it as a practice that should be pervasive into all parts of the business. Cyber security is more than just setting up the correct firewalls and encrypting the right files; it’s a blend of effective planning and ongoing execution that mitigate risk of a security breach. When executed correctly, a good security plan and practice will enable an organization to be secure in its continued growth toward its business objectives.
So, does information security directly link to business objectives? Not really, but without it organizations run the risk of confronting challenges to their objectives that otherwise would not have been encountered and thus security is an integral part of any business looking to have continued success. When integrated successfully, information security can be used to protect the core mission of the resources that pull a business toward its business objectives including the parts suppliers, assembly line workers, financial analysts, engineers, and human resource specialists, ensuring that the car company from earlier can continue to grow and generate profit.