Contact Us

Newsletter Sign-Up

3 min read

Why the Cybersecurity Discussion Needs to Happen in the Boardroom

Oct 4, 2018 1:01:39 PM

 

Why_the_cybersecurity_discussion_needs_to_happen_in_the_boardroom

It is becoming more and more critical for a business to have a good, strong cybersecurity strategy. With the number of cyber attacks and security breaches on the rise, it has become evident that no one is immune to the danger posed by digital attacks.

Despite that danger and the risks faced by every business, cybersecurity often takes a back seat to other company needs that are perceived to be more critical by senior executives.

Last year alone, the average cyber attacks cost enterprises in North America about $1.3 million per instance. Cyber attacks on small to medium-sized businesses cost over $117K.

Considering 85% of businesses have experienced a security breach of some sort (whether they know it or not), the amount of money spent on recovering from these attacks is staggering. Why aren't businesses stopping cyber attacks before they happen?

Stopping a cyber attack before it happens is incredibly difficult if cybersecurity isn't a priority for business. How do you make cybersecurity important though? The answer is simple: the only way to make cybersecurity important is discuss it frequently at a boardroom level.

Why at the boardroom level? The discussion needs to happen at the boardroom level because that is where a company's decision makers are. Those decision makers are the ones that set a business's agenda and decide what a company will prioritize and what it will leave off the schedule.

The absence of a good cybersecurity strategy can cause significant problems for a business. If a senior executive doesn't believe it's essential to develop a cybersecurity strategy, it's rare that anyone else in the organization will be able to establish one without support from the top.

Simply put, if cybersecurity isn't a top priority for the decision makers, it won't be important to anyone else in the organization.

A recent study from Fortinet shed some light on the subject on just how unimportant cybersecurity is in certain situations.

The study showed that despite the ever-increasing rise of cyber attacks, 48% of the IT decision makers polled felt cybersecurity was not a top priority amongst boardroom discussions.

Considering that one of the primary jobs of a senior executive is to mitigate potential business risk, it's worrisome that the development of a strong cybersecurity posture for their business isn't more of a priority, especially considering the damage a cyber attack can do to a brand's reputation.

That damage to a company's brand can include a loss in consumer confidence but also damage investor and shareholder value.

When you put all of those things into perspective, it makes the idea of discussing cybersecurity more frequently in the boardroom all the more attractive.

That's not to say senior executives have entirely ignored their business' cybersecurity concerns. The same Fortinet survey mentioned above states that IT professionals saw an increase in cybersecurity interest from the boardroom after ransomware attacks like WannaCry and NotPetya took the world by storm.

While ransomware and malware attacks have been widespread and very news-worth lately, stopping ransomware isn't the only thing a senior executive should focus on when they decide to get involved with developing a cybersecurity posture.

That's not to say stopping a ransomware infection isn't essential. It is! However, it's a decision made in response to a flavor of the week kind of threat. A healthy cybersecurity posture needs to be proactive, not reactive.

Because cybersecurity gets talked about so infrequently at the boardroom level, it might seem like installing end-point protection software is all a business needs to protect their intellectual property.

If the topic were discussed more often, the increased flow of information would probably make the need for other defensive strategies more apparent.

If you're only focusing on removing malware from your end-points, you probably won't notice close the hole that allowed the attacker to install the malware in the first place (i.e., a Social Engineering Attack )

Oddly enough it's senior executives who are the most targeted by attackers, but they may never learn a fact like that without taking the time to discuss cybersecurity at a higher level.

So how do we change the situation at hand? How do we start discussing cybersecurity where it matters? Start with a free cybersecurity risk scorecard. You can't manage what you don't measure and a scorecard from Security7 Networks might be what it takes to gets the cybersecurity discussion going in your boardroom.

boardroomshenanigans

(We're not trying to make a monkey out of you. We promise you won't regret signing up for the cybersecurity risk scorecard...)

Carl Keyser

Written by Carl Keyser

Experienced Marketer & Graphic Designer. Professional skilled in Graphics, Branding & Identity, Typography, Adobe Creative Suite, Google Analytics, Google AdWords and HubSpot Inbound Marketing .

Featured