
Why the C-Suite Must Embrace Cybersecurity


Chris Riley, President of U.S. Operations, SSH Communications Security
Cybersecurity is not intended to be the thing that stops the flow of business. It’s like brakes in a car: there when you need them, but not slowing you down when you don’t.
The best cybersecurity infrastructure is unobtrusive, working quietly in the background. Instead of a cost center, as many view it today, cybersecurity should be seen as a growth enabler or differentiator, by permitting the type of innovative investments that allow the company to scale into new markets.
It’s easy to view data security efforts as expensive outlays that slow down business and frustrate employees, users and customers alike. C-level executives need to be aware of how their organizations’ security measures affect the flow of business.
It is a potentially disastrous mistake for executives with non-technical backgrounds to simply assign responsibility for cybersecurity to the chief security officer, chief information security officer or IT team. C-suite executives might see the iceberg ahead, but do they really understand the size of the problem below the surface?
Cybersecurity: Executives Wanted
Executive involvement sets the tone for cybersecurity in an organization. If the top executives are not involved directly, it can give the impression that cybersecurity is not a number one priority; employees can do it tomorrow or whenever they have time. When the board or CEO starts asking the management team about what measures the company has in place to avoid becoming a headline, then there’s a much bigger chance of real change taking place.
The best cybersecurity infrastructure is unobtrusive, working quietly in the background
Executives who fail to read the handwriting on the wall are setting themselves up for dire consequences. The boardroom is placing the responsibility for cybersecurity squarely on the C-suite’s shoulders. As we have seen in recent headlines, a particularly bad public data breach can ruin a CEO’s career. As enterprises and government agencies are required to follow NIST and other cybersecurity guidelines, more than just the CEO will be targeted for replacement.
Four Steps for the C-Suite
C-level executives must be intellectually curious and become intimately familiar with the company’s cybersecurity efforts. The following best practices are a good place to start:
1. Listen and Learn: Meet with the cybersecurity team. Ask questions and assess: What are they working on? What is their security posture, and what solutions are currently in place? What is the critical business decision-making process used to determine what infrastructure MUST be secured? Where are the weak spots? How can the team see, control and maintain a more secure environment? Attend conferences and seminars to learn about what steps your peers are taking to protect their own companies. Make sure that you have knowledge of your current systems and the opportunities to improve–and as quickly as possible. Don’t wait for the next quarter or next year’s budget, because it might be too late.
2. Create a Cybersecurity Culture: Build security hygiene and compliance into compensation and reward packages (if they aren’t already). Make everyone in your organization aware of the risks and how they can keep the company safe. The goal is for everyone to understand the importance of cybersecurity to the company and your customers, and to underscore the importance of cybersecurity as a personal responsibility.
3. Learn where to Apply the Cybersecurity Brakes: Are employees circumventing security measures in order to access business applications more easily? Have they created a shadow IT environment of unauthorized systems and solutions for their convenience? When used properly, cybersecurity can be an enabler of new business, protecting data in the cloud and allowing the company to take advantage of the cloud’s cost-saving agility and flexibility, for example. Finding ways to minimize the risk of human error, such as automating as many security processes as possible, can also help increase business efficiency.
4. Stay Ahead of the Curve: Today’s evolving cyber threats require a totally new way of thinking. Companies need to adopt practices that don’t affect their workflow and don’t disrupt the actual business in any way. Look to what universities, incubators, and startups are producing, as they are the best sources for cybersecurity solutions and talent, and hire the expertise you need from that pool. Make sure your team is evolving with the threats.
Security is Good Business
These steps require a good deal of work, but the rewards are real. There are measurable business benefits for greater involvement in cybersecurity. If your network gets infected and your servers go down, that downtime will have a disastrous effect on your company’s bottom line, not to mention the sustained operational costs and damage to reputation.
Business happens at the speed of trust. Partners and customers must be able to trust your company’s solutions, products and services. By leading from the top down, the C-suite can help ensure that the organization is protected appropriately while maintaining performance and ensuring that security measures do not disrupt operations in any way. Once the C-suite has established a security game plan for the organization and is confident that the team is performing at the right level, you can trust in your critical information flow and sleep better at night.
Top-Down Digital Safety
With the massive breaches of the last three years still fresh in shareholders’ memories, the C-suite must take steps to ensure that cybersecurity is always on their radar. Securing the network is no longer someone else’s job. Executives must all work together to do their part to keep digital assets safe or, to paraphrase Ben Franklin, they are likely to hang separately.
ON THE DECK
Featured Vendors
Adirondack Information Security LLC: Effective and Affordable Cybersecurity Consulting For All Businesses
LBMC Information Security: Fortifying Your Data with Real-Time Monitoring and Dedicated Professionals
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
Why Every CISO Should Develop a Secure Software Supply Chain?
Are Your Value Props Still Relevant in the Changing Market?
Building and Maintaining a Risk Averse Security Program
The Race to Digitize the Insurance Industry
FinTech Down, "But Not Out"
The Softer Side of Directing Digital Transformation
