What CEOs Need to Know about Cyber Security

Today's cyber attacks are vicious and lead to massive financial losses for organizations. When such incidents occur, the CEO is left answerable and accountable to the stakeholders (regulators/government, shareholders/investors, customers and employees) for what led to the attack and whether it could have been avoided. The irony of the situation is that most CEOs are not cyber security experts, yet the stakeholders expect them to be well informed on how to manage the risk.
There are two types of organizations; those that have been hacked and those who don’t know that they have been hacked.
John Chambers, Former Chairman & CEO Cisco Systems
Accept the reality
The reality is that every organization, no matter the size, industry or geographical location, will deal with cyber incidents. It’s a bitter pill for CEOs to swallow, and the emphasis is placed on lessening the impact when the inevitable occurs.
Assumptions
Cyber Security is an IT issue
This is a very old myth. Cyber security isn’t just an IT issue; it’s an enterprise risk. Cyber security is everyone’s responsibility, from the board to junior staff. Everyone has a role to play in securing the organization’s crown jewels. As much as the IT/Cyber Sec team may carry the responsibility of implementing and monitoring defense controls, they need support from the other functions, especially senior management. The board plays a key role in setting the tone for the cyber security culture of the enterprise, which is then cascaded down to management and the rest of the staff.
The CEO plays a critical role in translating the board strategy into operational objectives that can be measured for the success of the enterprise. Cyber security maturity goes beyond:
- Are we meeting compliance?
- Has the annual IT Security audit been conducted?
In the cyber world, we are dealing with an adversary who is always seeking to be smarter than our cyber defense measures. A CEO can’t sit comfortably in their office, peruse audit reports and be confident in the enterprise’s cyber security posture.
A cyber-conscious CEO should be able to confidently answer the questions below:
- What are our crown jewels (assets)?
- Who is the adversary? What do they want from us?
If you know the enemy and know yourself, you need not fear the result of a hundred battles. Sun Tzu
- Do we have the capacity to detect and contain a cyber attack?
- If I walk into the office on Monday and am alerted that we have been hit, what should I do?
Every company is now a cyber company
Digitization is playing a critical role in scaling businesses today. As organizations undergo digital adoption, cyber security is one of the risk areas where the business needs to continuously increase spending just to keep the risk at an acceptable level.
Cyber-savvy CEOs are finding ways to turn cyber security into a competitive advantage rather than just managing a risk. Cyber security is being incorporated into new products and services and is opening revenue channels for the business.