Is The C-Suite Guilty of Ignoring IT Security and its Associated Risks?

Is The C-Suite Guilty of Ignoring IT Security and its Associated Risks?

by | Oct 23, 2015 | , | 0 comments

Last year, Target’s CEO stepped down after one of the worst cyber-attacks we’ve seen yet. In the massive data breach, debit and credit card details of a staggering 100-plus million customers were stolen.

Unfortunately, Target is not alone. More than 90 percent of Fortune 500 companies have been victims of cybercrimes, and cases of security leaks and hacks hit the headlines nearly every day. A recent Accenture report, Business Resilience in the Face of Cyber Risk, found that two-thirds of executive say their organizations “experience significant attacks that test the resilience of their IT systems on a daily or weekly basis.”

And yet, cyber security often takes a back seat in the c-suite and the boardroom. PwC’s Global State of Information Security Survey 2015 found that 58 percent of CEOs and board members have no role in the deployment of cyber security measures, nor in the protection of their organization’s digital assets.

Considering the billions of dollars that hacking has already cost companies—along with blows to customer trust and confidence—cyber security isn’t something to delegate to IT. It must be a core priority in the c-suite, especially at the CEO and board level. The risks of not paying attention aren’t just potentially damaging, they could be deadly for your brand.

Customers are More Security Conscious than Ever

As cyber-attacks keep coming, customers are more concerned about the security of their personal information than ever before. Don’t be surprised if potential customers start asking whether you have a strong cyber security plan, and what steps you are going to have in place to keep their data safe. In fact, security is now one of the most critical factors for winning contracts. Clearly, the C-suite needs to get involved in the cyber security game.

Cyber Security is Not Just IT’s Problem

Data security has long been thought of as a strictly IT responsibility. This is no longer the case: Cyber threats can bring large-scale damage down on companies, not just to finance and public relations but to staff morale and productivity, as well as a negative impact on growth.

Many companies are going through a digital transformation, too—if they didn’t have a largely digital presence from the day they launched. Enterprise mobility, remote workers, cloud-based business operations, and even bring-your-own-device (BYOD) practices bring significant benefits, but can also potentially leave an organization vulnerable to a whole range of cybercrimes.

Speaking to Accenture’s report, Brian Walker, managing director of Accenture Technology Strategy, says the big question for organizations is not if but when a cyber-attack will happen. “[Companies] cannot prevent an attack or failure, but they can mitigate the damage it can cause by taking steps to make their business more resilient, agile and fault-tolerant,” he said.

The C-Suite Must Come Together on the Cyber Security Issue    

There’s no magic bullet to help organizations block cyber breaches; every organization needs to find its own solution. This is why it’s necessary for a CEO to raise the priority of cyber security not just with the CIO but across the C-suite and the board. A lot of information gets trapped between departmental silos—miscommunication and inconsistent security measures included. Leaders must work together to break down those silos and create damage-prevention strategies that flow seamlessly from one department to the other.

For example, successfully responding to a cyber-attack may depend on a variety of senior people within your organization working together, and what steps they take individually to help remediate the problem. For example:

  • How quickly your chief human resources officer can scale your workforce to respond to customer concerns, as well as any damage to customer data and intellectual property.
  • How efficiently your chief financial officer manages any issues stemming from non-compliance with legislative requirements, to help lessen the financial burden.
  • How well the chief marketing officer responds to minimize the impact on the brand’s image and reputation after the attack.

A successful cyber security strategy can only begin when an organization’s leaders are educated about all the potential risks. As the person at the helm of an organization, the CEO needs to take it upon him or herself to get other C-suite members involved. Without a combined effort, strengthening IT security isn’t just difficult, it’s impossible.

Additional Resources on this Topic:

Ten Tips to Improve Cyber Security in the Digital Era
Cybersecurity’s Human Factor: Lessons from the Pentagon
Why Managing Information Security as a Business Risk Is Critical, Part I

 This article was originally seen on Ricoh blog.

Photo Credit: GlobeSign via Compfight cc

Author: Daniel Newman

Daniel Newman is the Principal Analyst of Futurum Research and the CEO of Broadsuite Media Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise. From Big Data to IoT to Cloud Computing, Newman makes the connections between business, people and tech that are required for companies to benefit most from their technology projects, which leads to his ideas regularly being cited in CIO.Com, CIO Review and hundreds of other sites across the world. A 5x Best Selling Author including his most recent “Building Dragons: Digital Transformation in the Experience Economy,” Daniel is also a Forbes, Entrepreneur and Huffington Post Contributor. MBA and Graduate Adjunct Professor, Daniel Newman is a Chicago Native and his speaking takes him around the world each year as he shares his vision of the role technology will play in our future.