Is Security Now a Shared C-Suite Responsibility?

Technology professionals have long bemoaned a lack of interest — and knowledge — in the C-suite of the various security challenges that are faced by organizations. The recent cybersecurity attacks on organizations of all sizes have finally bubbled up to the level that executives from across business lines are taking notice and getting actively involved. In the past, cybersecurity may be something that was relegated to CIOs and perhaps the head of finance due to the increased risk factors to the organization, but these challenges are increasingly becoming a shared responsibility across the C-suite. We recently caught up with several technology leaders to see how their clients are creating a shared feeling of urgency for all executives to focus on cybersecurity.

Cybersecurity is a Team Sport

Organizations are no longer able to dismiss digital security procedures as something that should be handled in IT. Instead, businesses are looking for ways to pull in senior executives as well as management staff to raise awareness of the various threats with individual staff members. According to Wil Buchanan, President of Philantech3 Consulting Group, “Cybersecurity is a team sport. Everyone on the team needs to know the rules of the game (what’s expected of them) and there needs to a qualified coach calling the shots. For a cyber program to be effective, it must have a C-level sponsor”. Wil also notes that without a plan in place to support ongoing cybersecurity training and awareness, it would be difficult for organizations to prove that they are focused in this direction — something that could be critical in the event of a major lawsuit. Getting the C-suite involved throughout the lifecycle of your cybersecurity efforts helps raise awareness throughout the organization and keep this risk factor top-of-mind for all involved.

Make Cybersecurity More Rewarding

Your business may already have a plan in place for testing whether staff members are clicking on fake phishing emails, but are you rewarding those people who skip or even report the spam? “There is a shared responsibility for cybersecurity from the boardroom to the mailroom”, states Anthony Buonaspina, BSEE, BSCS, CPACC, CEO and founder, LI Tech Advisors. Buonaspina advocates for not only re-training those people who manage to click on a test phishing email but to also provide a positive incentive for people who are clearly taking the time to consider cybersecurity when they’re online. This positive reinforcement helps staff members see that cybersecurity is an ongoing concern and one that is in their best interests to pay attention to. “Business disruption and cyber intrusion are incredibly expensive and well worth the relatively small investment into putting proper security hygiene in place for your company,” notes Buchanan. This type of messaging can be crucial when pitching cybersecurity to the C-suite.

Bad Actors are Better Funded and More Aggressive

There should be no pocket of the organization that is allowed to point fingers and claim that cybersecurity is someone else’s job. “The responsibility for cybersecurity goes across every thread of a company’s DNA”, notes Ilan Sredni, CEO and President of Palindrome Consulting. “We must be realistic that the bad actors trying to hack into our data are better funded and therefore much more advanced and aggressive”, going on to share that common sense and vigilance from everyone involved is what will help organizations come out on top.

While it may be tempting for some of the C-suite to take a more reactive role when it comes to cybersecurity, encouraging your executive team to lean in on this important topic could be what saves your organization from an extremely expensive data breach. From phishing attacks to ransomware, cybercrime is on the rise in 2019 and that trend is expected to continue. Hackers are discovering that they can access data-rich environments from businesses of all sizes, meaning that no one is truly safe from this pervasive threat to today’s businesses.

All opinions expressed on USDR are those of the author and not necessarily those of US Daily Review.