Why CEOs Must Understand Cybersecurity


For many CEOs, the topic of cyber security is something of an enigma. Not only is it a new threat to business, relatively speaking, but it’s also a highly technical one that is difficult to quantify. No company truly knows the risk that it faces because no business has access to data from the cyber criminals themselves.

Managing risk, therefore, is a challenge. Business leaders are aware of the potential threat that cyber attacks pose. But they’re also cognizant of the fact that most stakeholders in the company aren’t clued up on the costs and benefits of taking action. It’s just not clear which actions are worth taking and which aren’t. 

When things go wrong, they can go seriously wrong. Yahoo, for instance, saw its share price tank after it was revealed that some half a billion accounts had been hacked. Sony also got hacked back in 2014 and, again, the costs to the company were enormous. 

So what is it that CEOs need to know about cyber security, and how should they respond at an organizational level? 

Cyber Crime Is Still Crime 

We have an inbuilt revulsion for crimes committed in the real world. So too do law enforcement officials. But when it comes to crimes committed over the internet, companies, as well as the police, can have a different perspective. We use words like “malware,” “ransomware” and “hacking,” none of which conveys the same level of grievance as their physical equivalents, vandalism and theft.

CEOs can sometimes be persuaded not to treat these crimes as seriously as if they were occurring on the company premises. But even though the perpetrators are hidden in cyberspace, they’re still causing damage to property and putting your business at risk. It’s the job of the CEO, therefore, to view cybercrime just as seriously as real crime, and report and record any events that occur. CEOs also need to champion the view that hackers are committing serious acts of aggression against the company and make sure that everybody in their organization understands why such activity is so serious and potentially damaging. 

Implement A Holistic Approach 

Enterprise network security is a lot more complicated than most CEOs imagine. It’s not enough to simply install an off-the-shelf solution for a complex business network, especially if your network design is non-standard. Often you need special attention to make sure that your system is as secure as it can possibly be. 

How can you do that? It’s worth having regular third-party audits conducted to make sure that your company is robust against known forms of attack. But even with the best security, new threats can develop, and so it’s often worth buying insurance too, to prevent the catastrophic losses suffered by companies like Sony, which suffered breaches across their organization.

Implement Policies To Prevent Further Damage After Breach 

Many CEOs imagine that the time between the attack and the discovery of the attack is short. They often imagine that all hackers want to do is corrupt their files and shut down their networks - something which would be immediately obvious. However, while it’s true that some cyber criminals do use denial-of-service attacks, most aren’t in the business of bringing your business to its knees through overt acts of destruction. Instead, the majority of attacks are silent. And this means that it can take a long time between attack and discovery - 200 days on average. Worse still, getting from discovery to countermeasures takes a long time too - about 60 days, according to recent estimates, suggesting that companies are neither scanning regularly for evidence of a breach, nor well prepared should there be a breach in progress.

So what should CEOs do? The first step is to be clear with the IT team that their job isn’t the standard 9 to 5. Hackers don’t care about working hours - and they’re global, meaning that attacks can occur any time of the day or night. On top of that, CEOs need a plan in place, should there be a breach. This means generating better internal processes and testing responses through drills on a quarterly basis.

Firewalls Provide About 25 Percent Of Total Mitigation

If you ask most people in the C-suite what it is that protects their business from cyber attacks, they’ll tell you that it’s their firewall. But firewalls aren’t actually the primary line of defense for your organization. Only around 25 percent of all attacks on businesses are prevented by third-party software: the rest are stopped by the proper action of people in your organization. 

CEOs need to be clear on one thing: people in their organizations are the biggest cyber security threat they face. Employees compromising systems are the real danger, not remote attacks or zero-day attacks which exploit vulnerabilities in your systems.

The solution is to make cybersecurity a part of the culture, and a habit. Employees must be encouraged to take all necessary precautions to protect company data, no matter where they are or what they’re doing. 

Cyber Attacks Will Happen, So Be Prepared 

Cyber attacks are a part of modern business, like it or not. Thus it’s more a matter of when, not if. The reasons for this aren’t personal. Hackers know that they won’t be able to hack every company. As a result, they cast a wide net, looking for individual businesses with vulnerabilities they can exploit. Your company is likely to be included in their search, especially if there is evidence that you have valuable data. CEOs need to know that their organizations will be targeted, and so it’s important that they appear strong enough to hackers to put them off a direct, more sustained attack.

Fiscal Risks In The US Are Still Low

The EU has decided to make the business environment even worse in Europe by coming down hard on companies that “don’t look after their data” with fines. In other words, they’re attacking the victims of crime, rather than the perpetrators. The good news is that it’s not a crime in the US to get company data hacked, and so the direct fiscal risks for CEOs are still relatively small. But regardless of that, it is still PR suicide and immoral if you don't protect your employee, company, and consumer data. 

Luckily there are plenty of products that CEOs, CTOs, and CIOs can utilize for protecting private data. If you would like a full rundown of the cybersecurity products available, you can compare the latest cybersecurity products at Compare Hare. That way you can decide what solutions will work best for your company to increase security and reduce liability.
