Organizations need an information security program for the same reasons we need locks on our doors and windows, to protect resources from bad actors both outside and inside the house. You may have locks on kitchen cabinets and covers on electric outlets inside the home, or you might have a safe or a fireproof box for your critical assets. You need to have the right security for the threats and risks that exist at that time. The same applies to any organization. You need to protect your technology assets and physical space and ensure your employees are involved in your information security program to deter attacks, recognize potential breaches and make appropriate notifications in the case of an attempted breach.