Cybersecurity remains a constant struggle for IT professionals despite improvements in technology tools for combating cyber threats. Yet surveys show that many business executives have a “What, me worry?” view of cybersecurity. Furthermore, executives often believe responsibility falls on IT and fail to recognize the role they play in an effective cybersecurity strategy.
This is a real problem, given that 61 percent of IT pros said they had experienced a data breach at their current employer. Furthermore, the financial liability of data breaches is increasing as cybercriminals target intellectual property. Intellectual property (IP) is now tied with personally identifiable information (PII) as the data category having the highest potential impact.
IT security teams are also increasingly worried about external threat actors compromising their network, which has forced more organizations to publicly disclose data breaches. Nearly three-quarters of all breaches require public disclosure, resulting in damage to the company’s brand and reputation as well as financial repercussions.
Fifty-five percent of IT professionals believe that C-level executives should lose their jobs if a data breach is serious enough. This viewpoint is not as extreme as it might seem — boards of directors are increasingly holding executives accountable for data breaches.
Organizations stand to benefit when executives take an active role in cybersecurity. Even nontechnical executives can help in a number of ways:
- Ask lots of questions. Executives should sit down with their IT staff on a regular basis and ask what their concerns and challenges are. What are the organization’s security weaknesses? What new threats put us at risk? What can we do better?
- Prioritize cybersecurity in their budgets. Security isn’t a cost to be minimized but an investment in the company’s brand, reputation and financial stability. IT can’t be given a blank check, but security investments should reflect the risk to the business.
- Align security with the business. A cybersecurity strategy doesn’t have to be at odds with business processes. Executives should work with IT to establish policies and select security tools that protect the business without hindering productivity.
- Communicate with customers and business partners. Executives should evangelize the organization’s cybersecurity measures as an important differentiator, and ensure that business partners have taken steps to secure their IT environments.
- Create a “culture” of security. Instead of demanding more lenient security policies for themselves, executives should demonstrate that everyone plays a role in effective cybersecurity.
- Ensure your organization completes security risk assessments annually.
It all starts at the top. There is only so much that IT alone can do to protect the organization from cyberattack. Executives need to take the lead in their organization’s cybersecurity strategy.
Posted by Arthur Corallo
Arthur Corallo is the Chief Technology Officer at RMM Solutions. He has over 15 years of technology experience working with customers and partners. He has a working knowledge and understanding of technology trends. This includes areas such as Cloud Infrastructure, Security Solutions and IoT Deployments.