Some companies have impressive cybersecurity programs in place, while others could use some improvement. But what factors determine whether a cybersecurity program will be successful or not? According to Deloitte’s latest report on cybersecurity in the financial services industry, there are certain defining characteristics that some companies have that lead them to success. Here’s a look at what those are and what they mean for all industries in general.
The Importance of Getting Senior Leadership Involved
According to Deloitte, one of the main traits of companies that succeed in cybersecurity is getting senior leadership—including both the board and their executives—involved. Further, the survey found that companies with the most success in this area tend to have leaders who are very interested in many different aspects of cybersecurity. In particular, they’re interested in everything from reviewing threats and security risks to looking at the risks of a third-party breach and the overall security strategy.
Given this, it follows that the companies whose leaders are not very interested do not do well with cybersecurity. And Deloitte discovered this, too, finding that a lack of support among leadership often results in a lack of success in this area overall. For this reason, Deloitte pointed out that better education among leadership regarding cybersecurity and cybersecurity programs could increase engagement in this area, which would result in better security for the company.
Believing That Cybersecurity Is More Than Just Part of IT
Deloitte also discovered that another trait of companies that do well with cybersecurity is not leaving this topic entirely to the IT department. It should be considered more than a single department’s problem, at least if you want to ensure success when it comes to keeping the company secure. Granted, cybersecurity was originally left to IT because those were the only people who knew much about firewalls, strong passwords, and other tools meant for keeping the company safe from cybercriminals.
But these days, the companies that knock it out of the park with cybersecurity programs are the ones that segregate cybersecurity from IT. After all, this area is often too complex and far reaching for just IT to focus on, since that department has other responsibilities to take care of, too. According to Deloitte’s findings, some top companies already know this, as they split up cybersecurity and IT, though they often still have common lines of reporting. In fact, at the companies that Deloitte found to be best at cybersecurity, many have the reporting structured so that the Chief Information Security Officer (CISO) reports to the Chief Operating Officer (COO) or Chief Risk Officer (CRO) much more than to the Chief Information Officer (CIO) or Chief Technology Officer (CTO).
Aligning Cybersecurity Efforts with the Overall Business Strategy
Considering how much we rely on data and digital information, it’s no surprise that every day business functions have to use technology to perform daily operations. And it turns out that one detail that differentiates some companies from competitors is how well they use new technology to initiate innovation. Granted, that new technology can also expose businesses to vulnerabilities regarding cybersecurity. Deloitte found that the top two new technologies companies will likely start using soon include cloud and data analytics. You can probably see right away how these carry some risks regarding cybersecurity, especially as more sensitive information moves to the cloud.
But the good news is that Deloitte discovered that most of the companies that take cybersecurity programs seriously know it should be tied to their business strategy. After all, they named “business growth and expansion” their second largest challenge for managing cybersecurity. What was the first? “Rapid IT changes and rising complexities.” Clearly, as companies keep growing and using new technology, their cybersecurity risks grow right along with them, making it more important than ever to address these issues.
It’s also important to note that Deloitte’s survey found that money alone is not necessarily the answer to many cybersecurity problems. In fact, it turns out that not all the companies in the survey that had great funding for cybersecurity were necessarily seeing good results. So it seems that how companies secure their digital presence is just as—or possibly more—important as the amount of money they spend on this department.
At Inspired eLearning, we agree with this, as we think it’s imperative that you invest in security awareness training to ensure your entire company is aware of best practices. If you need help with this task, contact us to find out more about our security awareness training courses!
More sources on cybersecurity among businesses:
The original version of this article was first published on Inspired eLearning.