As a CEO, Would a Cyber Breach Put Your Job at Risk?
5 Ways You Can Mitigate Risks for Operational Resiliency
A single successful cyber breach can cost medium and large-scale enterprises millions of dollars in response and recovery fees, damage control, and civil and other fines. In a worst case, a business may never recover from an attack, resulting in shuttered doors.
Even if your organization could shell out that chunk of change and keep going, if you’re a CEO or other executive, what could a breach mean for you?
According to a recent study, it could be your job.
The Buck Stops at the Top
The average global cost of a data breach today, according to IBM, is nearly $4 million dollars, and those costs could go even higher in 2020 as more organizations around the globe rely on remote workforces during the coronavirus pandemic.
And, according to a report from Gartner, CEOs are getting increasingly blamed—and as a result, punished—for those cyber breaches. The response is often harsher for CEOs (firing, resignation, or loss of compensation) than IT professionals responsible for enterprise security.
According to IBM’s 2020 Cost of a Data Breach Report, the average cost of a data breach is $3.86 million. And in another report from Gartner, CEOs of organizations that experience a breach are twice as likely to lose their jobs as IT executives.
CEOs, according to the Gartner report, are also twice as likely to lose their jobs over an incident than a CIO or CISO.
So if you’re a CEO or other executive, what can you do to close gaps that leave your organization vulnerable to attacks and disruptions? How can you work more closely with your business continuity teams to ensure you’re meeting your compliance and regulatory standards and building a strong cybersecurity program to keep your organization safe?
Here are a five suggestions drawn from recommendations in the report:
- Uncover Tech Risks
If you’re in leadership, you should understand that effective planning and response strategies require comprehensive insight into the critical processes that keep your business functioning. That includes hardware, software, and other assets that connect and traverse your network.
If you can’t see—and aren’t continuously monitoring—your attack surface for potential vulnerabilities and threats, how do you know where you’re at risk?
And, considering it takes an average of 280 days for most organizations to identify and contain a cyber breach, the more pressing it is to have a strategy to seek out and mitigate risks within your organization.
- Eliminate the Silos
In many organizations, work teams tend to silo functions and responsibilities. While many try to share and build organizational goals into corporate culture and individual job responsibilities, organizational disconnect is common. When it comes to cybersecurity, risk mitigation, or business continuity, non-related teams often view those areas or issues as “not my problem,” and rely instead on other teams to address them.
As an executive leader, your focus should be on breaking down those silos and building a culture where everyone—regardless of role—understands cybersecurity and business continuity are critical to organizational success and that every person plays an important role in those objectives. Cybersecurity and business continuity accountability are for everyone, not specific teams or departments. Both shouldn’t be just a component of business, but rather incorporated into how you do business as a whole.
- Watch the Bottom Line
Sure, costs related to cyber breaches are astonishing, but that doesn’t mean you should just expend money on disparate technology, processes, or people that piecemeal a Band-Aid over security and resiliency.
Instead, you should build strong cybersecurity and business continuity programs—supported by the right tools, resources, funding, and people—to protect your business today, meet all your compliance and regulatory standards, and scale with your company as you mature and change over time.
- All-Hands On Deck
Have you ever tried to download a program or extension onto your computer at work—one you know will help you do your job better—but ran into a roadblock from an IT restriction? It’s frustrating, right?
The same thing—at higher levels—can happen if you build your cybersecurity and business continuity programs with only IT and Infosec involvement. Not only will your response and recovery frustrate the people who have to do those tasks during a disruption, but your plans might just fail because you haven’t involved key team members—like the people who do those functions on a routine basis—in your planning processes.
Building these programs successfully means you need to include other executives and IT and business continuity pros, but also rely on feedback and expertise of cross-functional team members to facilitate success.
- It’s a Risky Business
Risk mitigation is crucial for business continuity and organizational success. Effective business continuity programs should have an executive leader who helps determine acceptable risk levels and evaluate new risks as they emerge.
It might be a knee-jerk reaction to want to be completely risk-adverse, but it’s not feasible for modern organizations to eliminate all business risks. All organizations operate with some level of risk acceptance. The key here, for both cybersecurity and business continuity, is understanding how your business impact analysis and risk assessments work hand-in-hand and where some levels of risks are acceptable so you can be competitive and innovative in your business
Want to know more about other ways you can manage these risks for your organization? Check out the Gartner report for more details
The key takeaway is this: it’s never been more critical for executives to understand goals and objectives for cybersecurity, risk management, and business continuity, but also to get involved with these programs and work closely with leaders tasked to manage these critical programs.
Get business continuity insights delivered to your inbox.