What CISOs Want Other Executives To Know About Cybersecurity

Posted on 01-10-2019

In recent years, the push towards digital transformation has yielded significant efficiencies by providing instantaneous access to data and systems, as well as the ability to connect with clients and customers where they prefer to do business: online. Concurrent with this trend, however, is a rise in cyberattacks on companies, which makes the question of what executives should know about cybersecurity more pressing.

Cyberthreats Are On the Rise

Anyone following the news has probably noted the recent rise in cybersecurity attacks and data breaches. Data from Accenture showed a 27% increase in the average annual number of security breaches in 2017. The scale of these security breaches has become tremendous; one highly publicized breach involved the credit bureau Equifax and the compromising of the personal data of approximately 143 people.

In addition to attacks to steal data, ransomware (malicious scripts that lock down computer systems until a ransom is paid) is also becoming a more viable threat, having doubled in frequency in recent years.

The costs of a cyberattack are increasing as well, with companies in the U.S. reporting the highest annual average losses of $21 million amongst developed nations in 2017. Of course, the costs depend on the size of the company and the extent of the damage, but the reality is that cybercrime is a real threat to business — and every day, cybercriminals are finding more ways to target organizations.

Considering all of this, it should be clear that cybersecurity is a major concern for all executives. After all, in the event of a breach, it’s the C-suite that is held accountable. For this reason, it’s imperative that as an executive, you’re fully informed about your organization’s cybersecurity policies and protocols.

Focusing On Cybersecurity

If information technology isn’t your area of expertise, it might seem somewhat intimidating to delve into the field of cybersecurity. Yet when you consider that all of your organization’s operations are driven by a computer network that’s connected to the Internet, it becomes clear that there isn’t a single department or team that couldn’t potentially be affected by a breach. You need to invest the time and energy to partner with your CISO and make sure that all of your protocols are sufficient, both when it comes to preventing breaches and responding to one.

To understand your company’s cybersecurity protocols, schedule a meeting with your CISO and have him or her walk you through the policies and protocols that are currently in place. Find out how often security assessments are performed and what the reason is for this frequency. Don’t be afraid to challenge established protocols, for example by suggesting more frequent assessments or outsourcing alternate assessments at different times during the year.

It’s also critical to understand your responsibility in terms of communicating the company’s cybersecurity protocols to your workforce. Insider threats, including human error and rogue employees, account for almost 75 percent of all security breaches. That’s why you need to promote good cybersecurity practices throughout the organization. This can include everything from the secure onboarding and offboarding of employees and contractors to the enforcement of secure BYOD policies to mandatory cybersecurity training.

Build a Culture of Security

Cyberattacks can have a devastating impact on an organization’s operations, reputation, and bottom line. By partnering with your CISO to strengthen your company’s cybersecurity protocols and championing awareness from the top down, you can help build a strong culture of security in your company — and that can play a significant role in protecting it from attacks.

By Bryan Kirby, Vice President and Executive Recruiter with Kirby Partners Healthcare and Cybersecurity Executive Search.
