That may motivate more companies to create the position of chief information security officer, a growing trend among security-conscious companies. Some 65 percent of respondents to the Pinkerton study said their company had a security manager overseeing the Asia Pacific region. Yet 35 percent of them rely on someone who is based in the US or Europe to oversee Asia from afar. Now might be the time to bring them back in from the cold.

Adam Lincoln is executive editor of CFO Asia in Hong Kong. Additional reporting by Esther Shein of CFO.com in New York.

What's It Worth?

How much a company should spend on security depends on the nature of its business. A system that executes financial transactions has a lot more at stake than an informational Web site; spending must be in line with the risk — a price range as long as a piece of string.

But even technologists like Robert Clyde, chief technology officer of US-based Symantec, the world's largest security software provider, and Mark Fabro, president and chief scientist at Terrasec, an information security consultancy based in Toronto, concede that technology cannot do the job by itself.

Firewalls, VPNs and the emerging breed of intrusion detection and user authentication systems are well and good, but as more companies use the Web to hook up with suppliers, employees and customers, security education and awareness demand equal attention. That process must extend from the IT department — easily distracted by day-to-day concerns like keeping a network up and running — through all levels of the organization.

Symantec's Clyde says that companies such as Microsoft, Sun, Hewlett-Packard, and IBM have done a good job at coming up with "patches" when they've found bugs in their operating systems or Web server software. Problem is, many servers aren't installed properly in the first place, or companies fail to keep up with the patches.

CFOs who don't know where to start are best advised to look for a trusted outsider to handle the job. A recent Pinkerton report acknowledges the emerging role of outsourcing as a viable security option. Says the study: "Outsourcing can increase the bottom line without compromising an organization's security programs and procedures."

• « previous
• 1
• 2