Business Journal Ask the Expert Column – May 2020
As a CEO, you encounter new and challenging risks daily, and on bad days, an hourly basis. From a financial crisis to a natural disaster, you as the CEO have to be both proactive and reactive in every situation. I have mentioned multiple times in my Ask The Experts, it is not a matter of if a cyberattack occurs, but when. A cybersecurity breach has closed a number of businesses across the country in the last few weeks amidst the COVID-19 pandemic. When this day comes, it is you who people will hold responsible after your company suffers a data breach.
Although your company may have fallen victim to a cyberattack, it will also affect your own personal reputation. Furthermore, you will be questioned why your customers and employees’ information was not properly secured.
In 2020, cybersecurity is no longer just an IT problem. Cybersecurity and understanding the corporation’s risk profile is a part of board meetings and is a responsibility of these senior leaders. This means it is your responsibility to be a cyber-aware CEO. Having an incident response plan and a cybersecurity roadmap for the future is a critical element in baselining your preparedness prior to an event occurring. Cyberattacks are occurring more than ever right now. Your organization’s risk profile needs to be established and consistently reviewed. You may not be able to prevent every attack from occurring, but your success in defending and responding to these incidents will establish the market response to the incident.
Being a cyber-aware CEO means holding security to a higher standard for everyone in an organization. Board members and C-suite executives are some of the highest targeted employees in an organization. This means they should, in theory, be the most highly trained and aware within your firm, as well as the most competent in leading when it comes to handling these crisis situations. Creating newsletters and security reporting that flows up through the executive team creates an organization aware of cybersecurity threats before they result in a damaging incident.
A cyber-aware CEO realizes the value of practice and role-playing scenarios. Practicing different situations of a cybersecurity incident with all necessary parties is a great way to have a strong leadership team around you ready to react to cyberattacks. It is crucial to practice with your team to proactively prepare for these types of events to reduce the possibility of mistakes and prepare for unavoidable surprises during a breach. Tabletop exercises are a great way to instill confidence in team members about the possibility of a cyber crisis. Even though cyberattacks vary, having a plan in place takes the guesswork out of saving your business from a data breach.
Being a cyber-aware CEO breaks down into four simple steps:
- Evaluate current cybersecurity capabilities including reviewing your cyber insurance policy
- Establish a strong internal cybersecurity awareness at the Board and C-suite level
- Review your data—what data your company holds, where the data lives, and review with counsel your retention policy
- Have relationships with experts including legal, forensics, and public relations so you can react quickly with the proper expertise on your side
Your reputation is on the line, but this is your chance to guide the plan and procedures your organization will take. Being a cyber-aware CEO also means knowing where your current internal security strengths and weaknesses are. Bring in security experts to create a roadmap to set priorities in the environment.
For more information on how to be a cyber-aware CEO and improve your organization’s cybersecurity posture, feel free to email [email protected] with the subject of “Ask the Expert” or visit speartip.com.