In the last six months alone, major companies including Microsoft, Wells Fargo, BJ’s Wholesale Stores and, most recently, Cisco Systems, have had to deal with the growing costs of information security exposures. From intellectual property leaks to the incredible cases of identity theft, the costs and risks of these crimes are growing exponentially. The U.S. Federal Trade Commission estimates that identity theft costs U.S. consumers $5 billion and U.S. companies a whopping $48 billion. The U.S. Chamber of Commerce estimated that the Fortune 1000 lost $49 billion in intellectual property disclosures in 2003. In order to protect themselves and survive, companies must rapidly adopt what we in the security industry see evolving into a paradigm shift toward the adoption of emerging information security technologies. These technologies are information focused rather than network focused and can see for the first time, what information is leaving the company’s perimeter; rather than looking for attackers coming in.

Surprisingly, this adoption will not be pushed by technologists, although technologists will make the critical decisions about what products hitting the marketplace earn best-of-breed status. The adoption will be pushed by the Board of Directors, CEOs, and CFOs of publicly-traded companies who will make information security issues an inherent component of a company’s corporate governance policy.

The laundry list of regulations including but not limited to Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA) and the California’s Database Protection Act of 2003 will force CEOs and Boards to adopt new information security technologies sooner than planned to protect the critical information exposures that directly affect not only a company’s bottom line; but also their customers and shareholders as well.

The list of regulations are creating what many of us in the security industry have been calling “the perfect storm” for CEOs and the Boards of more than 12,000 publicly-traded U.S. companies. As costs continue to rise over time—primarily due to litigation costs and the financial impacts of lost intellectual property and every day—the risk of a breach continues to skyrocket as the connected nature of electronic business grows. Today, entire industries are networked in complex supply chains, corporate networks, and offshore development. Ironically, the infrastructure that has enabled companies to communicate electronically for the past 20 years also represents one of the most significant threats to their success. Now more than ever, corporate leaders need to personally address critical security issues within their companies, because when compromised, the end result is a negative impact on a company’s brand, competitive advantage, public trust, company reputation, and shareholder equity. Companies simply can’t allow these things to impact their bottom lines.

Therefore, CEOs and Boards must begin to understand the capabilities of new emerging information security technologies which actually have the ability to focus on the information flowing within the corporation. I call this information the “intangible assets” that are so valuable to a company that we often do not see or even know if they have been sent out the back door. The protection of these assets has gone unnoticed for too long. From intellectual property, trade secrets, financial reporting information and competitive pricing to IPO or M&A information, these are the intangible assets that once leaked, prematurely diminish the market cap and eat away at shareholder equity.