CEOs and Cyber Security
Technology is amazing when it works for us, but not so amazing when it doesn’t. New tech innovations have helped businesses grow at an exponential rate, but as business technology grows, so does cybercrime.
Protecting a business’ security is not only a job for the IT team but one for the Chief Executive Officer as well. As a CEO, you should understand that any interruption in your information systems can hinder your operations, negatively impact your reputation, and compromise your customers’ private data.
According to the Ponemon Institute, the average annual cost of cybercrime for organizations is $11.6 million. The institute also found a lack of communication between IT and upper management.
In the past, enormous data breaches occurred because of malicious programs such as ransomware and the RAM Scraper malware. In fact, 2017 was the worst year yet for cyber attacks and ransomware.
In recent years, security breaches at Target and Equifax have been highly publicized. Target’s leak gave away the personal information of more than 60 million customers. A shareholder lawsuit was brought against their directors and officers. Although the board members were found not guilty, both the company’s CEO and CIO resigned. The Equifax breach affected over 143 million U.S. consumers, as well as customers in the U.K. and Canada. The breach took place between May and July but wasn’t discovered until weeks later.
IT and management must work together.
When it comes to cybersecurity, many CEOs don’t fully understand the urgency. They spend their energy developing new products and services and managing current ones. Security comes in second. Maybe they’re unaware of the risks or feel that it’s solely an IT concern. Some may not be very technical and are afraid of discussing what could be an intimidating topic, but this isn’t wise.
A Ponemon Institute survey of 5,000 IT professionals from more than 15 countries, including the U.S., found that over half of them believe their organizations’ security measures don’t provide suitable protection against cyber attacks.
However, some CEOs do work with their IT teams. These are mainly CEOs from tech companies. One such company is Okta. Based in Northern California, Okta’s goal is to go beyond passwords to better secure their information. According to the company’s CEO and Co-Founder Todd McKinnon:
“Securing your data with a single factor – a password – is a bit like locking up an expensive racing bike with a cheap chain and a padlock. It only stops unmotivated thieves. Ask any of the numerous companies that have grabbed the headlines this year. Single-factor authentication failed to protect the personal data of millions of people – and these companies paid dearly for the mistake.”
Andrew Chanin is the CEO and founder of New York-based PureFunds, a $1.2 billion company. PureFunds is a cybersecurity exchange-traded fund that invests in cybersecurity firms. When asked why he decided to start his company, Chanin stated:
“Cybersecurity has been growing regularly since its formation. Although cybersecurity was always a risk — ever since computers came about — recently, entire companies have fallen victim, as well as governments, to massive, costly cyber attacks. The U.S. Federal Government spent less than $1 billion on cybersecurity in 2000. For 2015, that number is $15 billion.”
The Department of Homeland Security recommends five questions that CEOs should ask themselves to lower the risk of cyber attacks:
- What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?
- How is our executive leadership informed about the current level and business impact of cyber risks to our company?
- How does our cybersecurity program apply industry standards and best practices?
- How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?
- How comprehensive is our cyber-incident response plan? How often is the plan tested?
When CEOs and IT work together, everyone wins. Take notice and follow the examples of tech companies. Make security priority one so your business can flourish in all areas.