Information security isn't just a luxury in this day and age. It's a necessity. For the longest time (and even today in some companies), security was (and is) within the purview of the CIO, a bullet point on a long list of pre-existing responsibilities and job requirements to look after.
Ignore security long enough, though, or neglect to pay it the attention it deserves, and the bad guys will pay attention to it for you: Witness what happened at Target and, more recently, at Home Depot. These incidents were very serious security breaches that let attackers gain access to sensitive payment data over a long period of time – a few weeks in the case of Target and a few months in the case of Home Depot. Consider that. Bad guys infiltrated the most sensitive of systems at a company for months, and only external entities (the banks) convinced Home Depot to look at their systems with enough of a fine-toothed comb to actually discover the breach and begin remedying it.
Timely, incisive articles delivered directly to your inbox.