It seems information security is getting to the front line of business imperatives. More than ever before, executives are giving IT security and data protection initiatives the attention they've required for some time. Despite the overriding need of most companies to dedicate budget to more pressing IT and other organizational projects, information security has been recognized as an essential part of the business. Failing to take notice of securing critical data, particularly customers' private information, is paramount to failing at the overall business.

This was borne out in the SC Magazine/MXI Security: Guarding against a data breach survey 2008, conducted in partnership with Millward Brown. As you'll see, it seems information security has become a top of mind issue for most companies — no small feat given the finite amount of dollars trickling down to IT. The reasons run the gamut, but it seems the major drivers, unsurprisingly, are compliance mandates, reputational risks, board- and executive-level directives, and others.

Indeed, as this edition's cover story on Mass Mutual's CISO Bruce Bonsall shows, information security is becoming a competitive differientiator. And while some of the respondents to the survey expect their budgets to remain constant from last year to this one, a little over half see an increase coming. (A small percentage foretells an unfortunate decrease. Experts interviewed for the data breach survey story warn that these latter respondents would do well to start looking for other jobs with companies whose executives understand information security requirements facing businesses today.) Whatever the budgets, though, the key is that the majority of executive leaders understand that IT security is simply part of a sound, acceptable business operation. Failure to pay proper attention to data protection and risk management imperatives may mean that customers switch to competitors who actually care about the safety of their private details and, worse, participate in class action lawsuits. This, then, could result in profits dwindling and long-standing corporate reputations getting tarnished — maybe irrevocably.

Such a core part of business operations cannot be given short shrift. Demands for sound data protection and information security planning will only get louder from customers, regulators and executive board member.

All organizations, not most, will need to view IT security as the business necessity it has become in today's corporate economy.

- Illena Armstrong is U.S. editor-in-chief, SC Magazine.