Cybersecurity has become a C-suite and board level issue. This is not surprising considering that data is now the world’s most valuable asset according to the Economist. And being uninformed on the issue is no longer acceptable, it’s time CEO’s lead cyber security initiatives.
According to Tripwire VP Tim Erlin, “Accountability starts with the CEO, but information security is a shared responsibility across every function and level of an organization. Data breaches are a problem that board-level executives need to be responsible for addressing, which means that the CISO must be involved in those board-level discussions. The board can’t take meaningful, productive risk management action without that expertise in the room.”
According to PwC, 83% of CEO’s are concerned about cyber threats, and with good reason. The number of attacks has more than doubled in the last two years, the average annual costs for a company exceeds $11 million, and CEO’s are being held accountable for breaches.
On the bright side, change is happening according to Accenture. Their study showed that board and CEO budget authorization has nearly doubled in the past year, from 33% to 59%. This news is a move in the right direction. Per Kelly Bissell, Managing Director of Accenture Security, “We’re seeing CEOs taking this seriously. They have become aware they must focus on this….This is the first time I’ve seen a positive report in that CEOs are getting more involved, they shouldn’t rest, but they are making headway.”
There are a number of issues driving the focus on security initiatives according to Gartner. At the top of the list is security risks followed by business needs, industry changes, as well as privacy concerns. And according to WEF Risks Report, cybersecurity is the third most likely risk facing us, followed by data fraud/theft.
While organizations are prioritizing cybersecurity, and the C-suite is taking the helm, there are challenges that service providers are stepping in to solve. According to Siddharth Deshpande, research director at Gartner, “Security leaders are striving to help their organizations securely use technology platforms to become more competitive and drive growth for the business. Persisting skills shortages and regulatory changes like the European Union’s (EU) Global Data Protection Regulation (GDPR) are driving continued growth in the security services market.”
If you are a CEO who isn’t sure where to begin, we can help. We also found this article by Gregg Garrett, Head of International Cybersecurity for BDO, to be valuable in getting yourself up to speed. In it he provides a number of questions around three topic areas that will help you understand where you are and what you need to do:
- What should we know about cybersecurity?
- What should we do about cybersecurity?
- How do we assess the quality of our cybersecurity program?
For help addressing your cybersecurity initiatives, send us a note. Our executive recruiters here at Sheer Velocity have worked with CEO’s, CIO’s, CTO’s, and CISO’s on security needs across a variety of industries and understand best practices in a quickly evolving area.