Security is getting short shrift from b-to-b companies, says Mary Pat McCarthy, global chair of KPMG L.L.P.’s information, communications and entertainment practice and co-author of a new book, "Security Transformation."
In the book, McCarthy urges C-level executives at b-to-b companies to batten down the hatches in three areas of potential security weakness: processes, people and technology.
"There’s an alarming lack of awareness about Internet security at the top executive level," said McCarthy, who also is a member of the World Economic Forum’s Digital Divide Task Force and serves on the board of Silicon Valley’s Tech Museum.
Companies spend an average 5% of their IT budget on security, and that’s not enough, she said.
"It takes a company years to build a brand, and that can be devastated overnight by poor security," she said.
In b-to-b, security can be a people issue. When one employee is given too much weight in making Internet transactions, or an employee at a trading partner company wields unusual buying power, there is a risk those people will damage business processes if they become disgruntled.
"We dispel in the book the misnomer that security problems happen from outside a company, when in fact 80% of all problems come from inside the firewall," McCarthy said.