Is security really an IT problem?
Conclusion: If the broader business is to commit to investing in security, both emotionally and financially, they will need to buy into their responsibility. Security is likely to be seen as an IT problem because historically the minimum level of protection came through network and operating system security staff embedded deep in IT. Technical controls are not sufficient to protect an organisation from all known and potential threats as they are only as strong as the rules and configurations implemented by human operators. If nothing else, raising the profile of security to a broader audience with relevant, personalised messaging will begin to show the business how they can extract full value from security investments and dispel the belief that IT should solve the “security problem”.