Companies should disclose the state of their tech infrastructure twice a year and outline their data security policies and improvements as part of their standard disclosure to investors.
The idea, courtesy of Brian Sozzi, an equity strategist, via TheStreet.com's RealMoney site, is worth pondering.
I think companies need to start holding bi-annual state-of-the-union addresses via webcast on the state of their tech infrastructure. However, the main issue at play is that tech infrastructure has been so badly neglected by companies, and the sources of vicious attacks so deceptive, that execs continue to lack a firm grasp on the scope of the situation.
The general argument is that data security, and the risks and costs associated with it, has become a boardroom issue. How prepared are companies for attacks before they are actually cybercrime victims? Rest assured that companies will spend on improving their security once hacked and humiliated. But before those attacks many enterprises have scrimped on tech infrastructure.
Now publicly traded enterprises do disclose some items about their infrastructure in annual regulatory filings, but there isn't a ton of detail beyond a few boilerplate statements.
What Sozzi proposes could have wide ramifications. Consider the following breakdown.
- Enterprises that had to disclose they weren't keeping their tech infrastructure up to date would likely reverse practices.
- Security would get more attention from the boardroom. Cybersecurity is already front and center, but the focus revolves around not being the next Target or Anthem Health.
- The IT sector would likely see a spending boom as laggards invested in infrastructure to catch up.
- Technology spending would likely be seen as more strategic overall.
- Disclosing that your tech infrastructure needed work would be like putting out a welcome mat for cybercriminals.
- Money that would be spent on revenue-driving technology projects would be diverted.
- It's unclear that the disclosures would really do much to prevent sophisticated attacks anyway.
Nevertheless, Sozzi's take is worth considering if only because it would force enterprises to step up their tech games.