As businesses suffer from a harsh economic climate, it seems that many are looking to take bigger business risks for larger returns - and to dramatically cut costs for ‘non-essential’ security plans and procedures.

Whilst it’s entirely understandable that business managers will be searching for high-risk opportunities that can help them beat the competition - security chiefs are warning that this must not be done at the expense of security planning.

Sharing their expertise at a recent tISS Security Forum, chief security officers (CSOs) from major blue-chip organisations stressed that disaster recovery and security planning must not be seen as being “nice to have” elements of any corporate strategy.

Many CSOs voiced concern that their IS teams were already feeling the strain - due to their work being less visible than other departments - and that skimping on IT security further would damage their organisations’ protection.

Whilst CSOs are realistic that having ‘gold plated’ security is not appropriate for many struggling companies, they were worried that IT security shouldn’t be thought of as optional or only necessary for the good times.

Participants were all concerned that many business managers were not aware of the reputational damage that security breaches can have for a brand.

Speaking at the Forum, one CSO said: “We’re finding that once we’ve said “no” to a project because of the IT security risks involved, people are increasingly trying to go round us to force their project through. We’ve got to get better at explaining the importance of security to the business and making security a positive issue.”