The new year is upon us, which means that you’ve hopefully gotten your fill of family, good food, and nostalgic playlists. It also means that the inevitable resolutions are also here. Since many of you will be busy with other priorities, I’ve put a quick list together of cybersecurity resolutions for CEOs and Founders. Committing to these resolutions will ensure a successful 2018:
Too many organizations integrate their cybersecurity budget within their IT budget. This is a flawed method that usually means cyber is under-funded. It also means the competing goals of the IT department could get in the way of an effective cyber strategy. IT’s job is to keep the digital infrastructure up and running. Security’s job is to ensure the company does not experience a disruptive incident. These two goals are sometimes at odds. Security needs independence to be able to operate effectively.
Cybersecurity is still viewed as a sort of black magic. As a CEO, you need to have a basic understanding of cyber risk, much like the understanding you have around financial risk. Most of the high-profile hacks you have read about occurred because the CEO was not holding his CISO or security team accountable. You need to ask things like, “How does our cyber program compare to others in our industry and best-practices.” Another good question is, “How comprehensive is our Incident Response process and what were the results of our last test?”
A typical organization has a small ratio of cybersecurity employees. This means everyone must have responsibility for the cybersecurity of the organization. Help your CISO or security team by requiring each business unit to have a proactive cyber plan. This includes detailed incident response procedures.
No cyber strategy is effective if it is not driven from the top-down. Even the most “low-tech” businesses rely on digital technology to provide their most basic business functions. Investing in cybersecurity is a differentiator which will help you win new business over your competitors. If you embody the message that cybersecurity is important, you reap the benefits of innovation and growth while reducing risk.