Cybersecurity for Busy Executives – Increasing Boardroom Awareness

Ask your business, IT, and security managers the following questions to see where your enterprise stands:

If they can’t say yes to all these questions, you may still be compliant with regulations, but your company’s data and customers are not safe. If you don’t ask these questions, your customers and shareholders will – or will ask soon!

Jane Holl Lute (Board of Directors of the Center for Internet Security)

We currently see a significant disconnect between companies' Executive Boards and the Cybersecurity professionals who work for them. Although Board awareness of Cybersecurity has increased significantly, we believe Boards are still not sufficiently knowledgeable about Cybersecurity issues.

A further issue is that Cybersecurity professionals struggle to articulate the problems in language that the Board understands. Our view is supported by a recent survey by Harvey Nash, the recruitment firm, which found that, among C-level executives, 30% or fewer of CEOs and COOs are well informed on Cybersecurity issues, and 20% or fewer of CFOs and CMOs are well informed.

In a series of blogs, we will aim to address these issues, starting with the first part of the problem – raising Board-level awareness on Cybersecurity which will

The four areas we will cover are:

1. Cybersecurity 101. What are the key things you need to know as an Executive? We will cover Risk Management basics; the different threats to your organisation and how to mitigate them; the most common attacks; what the attack surface of your organisation looks like; and the most common vulnerabilities. We will also provide a go-to glossary of common cybersecurity terms and jargon.

2. Making your organisation more robust. What are the main areas you should be asking your Information Security or IT team about? Here we will break down the different areas of best-practice Cybersecurity defence, which will allow you to ask the right questions of your IS team and to dig below the surface until you are satisfied that you are on top of what is going on. We will cover the following topics (amongst others):

3. Cybersecurity Macro Trends. Once you understand the basics and have ensured your Information Security team has a robust plan, you then need to think about the future. There is a lot of change currently happening within the Cybersecurity industry, and it is important that you (a) have a strategy; and (b) align this strategy with your overall business strategy. You therefore need to be aware of some of the trends that are underway, to ensure your cyber strategy incorporates these macro trends and remains relevant. As part of this section, we will look at the following trends:

4. The future. Linked to the previous section, we will look even further into the future and discuss what the future holds for the cybersecurity industry. We will look at some of the technology advancements underway, including Artificial Intelligence, and what impact they will have on Cybersecurity defences and attackers. We will discuss the potential cyber arms race between governments and corporations, and the hacking community, and how you can take advantage of the advances in technology to improve your Cybersecurity defences and to save money.

We hope you have enjoyed reading this and look forward to our next blog in the Cybersecurity for Busy Executives series.
