Why cybersecurity is a boardroom issue
By on 27/02/2018
Filed under Digital Transformation
There will never be an end to cyber attacks on businesses. In fact, as long as technology continues advancing, so will the sophistication of cyberthreats. While such attacks are becoming smarter and more malicious, there are still a considerable number of businesses falling victim to the same old tricks, such as email phishing.
The average cost of a data breach is now at more than $4m, according to McKinsey. In many cases, cyberattacks have the potential to destroy a business, which is why cybersecurity is now a boardroom issue. It’s time for the senior managers in businesses to lead the charge.
Being fully cyber-resilient requires making very important decisions, the likes of which need the support and direction of C-Level executives. The big issue, however, is that in many organisations senior leaders, particularly CISOs or CIOs, rarely meet or attend board discussions, which can put a strain on the ability to make informed and strategic decisions.
It is crucial that top-level execs come together with a clear understanding of the type of threats their business faces and the solutions they have in place to defend against them. Only then can a business take real control of its cyber-resilience.
Be the change
As much as 87% of senior managers have admitted to accidentally leaking business data. When a C-Level executive is seen to be lax when it comes to protecting valuable company data, it’s no surprise that the rest of the business follows suit.
C-Level executives have the ability – and the responsibility – to make significant changes to how their business handles cyberthreats. This begins with them becoming the change they want to see across the rest of the business, and can start with something as simple as taking extra precautions with forwarding email attachments.
If senior managers openly treat cybersecurity as a business-wide issue, it will become a business-wide initiative.
Choosing the right defence
While good housekeeping will help to keep your business secure, it must be paired with robust threat protection software. Although this may sound like a matter for the IT department, it’s important to understand that having the right technology in place to defend your business will do more than just reduce risk, it will also be a business enabler.
Protecting your data will always require a trade-off with operational efficiency, but that trade-off becomes less when you have the right suite of tools, such as:
- Windows Defender Advanced Threat Protection, which helps enterprises detect threats, investigate the scope and quickly respond and remediate to prevent reoccurrence.
- Office 365 Advanced Email Threat Protection, which protects your email in real time against unknown and sophisticated attacks.
- Office 365 Threat Intelligence, which researches threats against your business, responds to malware and phishing attacks and searches for threat indicators from user reports.
While these tools are designed to keep your business protected and secure, they are also built with usability in mind.
IT is a business issue
Senior management giving time to cybersecurity was identified as the biggest driver of maturity in managing risk, according to a McKinsey study. In fact, C-Level buy-in was considered even more important than company size or sector.
Cybersecurity is a long, hard battle to fight but the more top-level executives realise that IT is a business issue, the better chance organisations have at staying secure.