Being on the nightly news may be something that your organization would love if it was for a great reason. However, I don’t think any of us want to be there because we are the latest victim of a cyber breach.
I have been in the information communications technology and cyber industry for more than 20 years. I have seen the area grow from something that the ‘IT guy’ would manage, to being a specialized skill set held by often misunderstood, shadowy teams, stereotypically operating from secret basement offices.
Cybersecurity teams are no longer hidden from sight; they are no longer mythical creatures but are trusted advisors with an important seat at the boardroom table. They are key to helping organizations and leaders stay off the front page news.
Cybersecurity is not an IT problem though; it needs to be a core focus of the C-suite in all organizations. It needs to be understood and driven from the top down to show your organization that you take cybersecurity and its risk very seriously. It needs to be seen, and adequate funding needs to be allocated, to create a real impact.
You are probably sitting there reading this and thinking, “I don’t need to understand cybersecurity, I have people for that”. Yes, that is partially true. You don’t need a deep understanding of cybersecurity in a technical sense as a board director or C-suite executive.
But if you are going to succeed as an organization and as a senior leader you need to understand the importance of good cybersecurity governance.
You will need to understand what your risk appetite is and what your organization is doing proactively to help ensure the risk is being reduced or controlled. Cyber insurers are restricting payouts for incidents, and they are verifying that organizations are actually taking appropriate steps to improve their cybersecurity maturity.
A major cybersecurity incident or breach can bring organizations to their knees, with companies going out of business due to both reputational damage and loss of ability to carry out regular daily activities.
That should be concerning enough for any senior leader, but governments all around the world are shifting their focus toward holding senior leaders accountable for poor cybersecurity practices. Chief Information Security Officers and boards could face not just embarrassment or reputational issues from an incident, but also massive financial risk.
In recent times senior leaders have faced criminal charges that could see them go to prison for making bad decisions and for ignoring their obligations as directors or senior leaders. Conversations are taking place at the highest levels of government around the introduction of regulatory obligations. These would force the leaders of organizations to stop ignoring the risks and prioritizing profits over their obligation to protect client data.
Leaders must do everything possible to ensure that personally identifiable information is only stored if it is needed, and must constantly focus on building resilience in their organization’s systems.
If you are a senior business leader, no matter your industry vertical, this is your time to stand up and take note. You need to build a minimal understanding of what is required so you can truly manage your risks. Ignorance is no longer an acceptable defense.
You are not alone in this journey. Many industry experts like me are out there helping leaders understand the digital world we live in and develop the knowledge needed to reduce and effectively manage the legal risks.
This is your moment. Take that first step.
Craig Ford
Contributor Collective Member
Craig is the Co-Founder and Executive Director of Cyber Unicorns, a cybersecurity consultancy. He is a cybersecurity professional with more than 20 years of experience in the information and communications technology and security industry, as well as a cybersecurity journalist who has written for 'Women in Security', 'Cyber Australia', 'Cyber Today', 'SecureGOV' and more. Craig is the author of three different book series, 'A Hacker I Am', 'Foresight' and 'The Shadow World', with a total of seven books. For more visit https://cyberunicorns.com.au/