In a recent survey we asked how companies are navigating cybersecurity
We looked for progress on eight different cyber
Failures can have a profound impact on company performance; for many companies, this is an enterprise-level risk of the highest magnitude. But almost half (48 percent) of respondents reported that cybersecurity is not managed like an enterprise-level risk, with 44 percent implying that their CEO and senior
This is not your father’s technology risk – a new disruptive technology that throws your business operating model in play or a communications, software or hardware system glitch or design flaw that disrupts
So, in this challenging environment, what’s the best path forward? For many companies, the steps needed to complete the journey are as follows:
- CEOs must lead. The CEO and senior leadership team need to be actively engaged in strategic decision-making and driving cybersecurity. The CEO must define the risk appetite for loss of information assets and disruption of operations, while incorporating cybersecurity into enterprise-wide risk management and governance processes.
- Everyone is responsible. Some experts say minimizing human error is even more crucial than technical upgrades. When asked if their personnel understand that cybersecurity is everyone’s job, nearly 40 percent of our respondents disagreed that their frontline personnel are trained to understand the value of the information assets they handle every day. Training and accountability need to be strengthened throughout the value chain, from the customer-facing front line to network administrators.
- Security is integrated. To effectively address cybersecurity and bring down the long-term cost of protection, security cannot be bolted on – as 43 percent of our respondents implied was the case in their companies. Every facet of the technology environment needs to be shaped by awareness of vulnerabilities; security should become a fundamental design decision in technology architecture. Company CFOs and CIOs need to agree on the process for evaluating and prioritizing investments in cybersecurity risk management capabilities, perhaps with a very different approach to evaluating return on investment.