Keeping Your Executive “In the Know” About Cyber Security
Major data breaches at companies such as Target, LinkedIn, Home Depot and Sony have brought cyber security to everyone’s attention. This includes senior-level “C-suite” executives who say they believe a comprehensive security plan is important.
But, before your senior leaders can champion cyber security as part of your company’s risk and incident management program, they must have a clear picture of real cyber threats facing your organization.
According to a survey of 600 IT and IT practitioners by the Ponemon Institute, 34 percent said C-suite executives are never updated on security incidents, while 36 percent are only updated on a need-to-know basis.
For senior leadership to make informed decisions that can affect the company for years to come, your business continuity and disaster recovery teams must help them realize that cyber security is not too technical an issue to manage. You can help your leaders understand who the company’s cyber-foes are and how to effectively combat them. But, despite the potential fiscal ramifications of a cyber attack, this does not appear to be the current trend.
The survey also found that a mere 7 percent updated leadership weekly or monthly, even though 63 percent of those participating confirmed their companies were victims of one or more advanced attacks in the past year.
Senior managers of marketing, human resources, and finance are responsible for extremely sensitive data, and they should be proactively engaged with planning and security decisions. To make the right incident management decisions, there should be more awareness at that level.
For companies that are struggling to establish an effective cyber security strategy, Business Continuity and Disaster Recovery Teams must strive to keep senior management “in the know” about cyber threats. Here are some key reasons why…
- Organizations’ reliance on information technology is ever-increasing. By providing insight into the real financial, legal, and reputational damage a cyber incident can cause, you can give your business leaders the visibility they need to take cyber threats more seriously. Senior management needs to address cyber security risks like any other business continuity risk, and deal with them as part of the company’s enterprise-wide risk management program.
- Organizations are challenged with competing budget priorities. Senior executives face critical budget decisions about where to invest in programs, staff, technology, and services. To make these choices, they have to prioritize likely risks to the business, including countering cyber-security threats. Educate them about the genuine cyber-threats to the business, which support why IT needs to invest in preventative technologies and experienced personnel.
- The media is flooded with coverage. Reports about cyber-criminals, hacktivists, and catastrophic data breaches are constantly circulating. Help senior executives cut through the noise: keep them apprised of how the organization is responding to current security concerns and relevant, emerging threats.
- Cyber incidents can escalate rapidly. This requires well-coordinated communication at all levels within an organization, including senior executives as they may be expected to respond to board members, customers, vendors, or the media. Senior executives need to be prepared to respond succinctly and accurately to questions about an incident.
To engage your senior executives on cyber security, align your security goals with the business’s goals. Here is a look at an interesting case study from the healthcare industry about how companies can protect reputation, brand and data with the proper planning and implementation of their business continuity services.
As noted above, a cyber incident brings negative revenue ramifications through damage to the brand’s reputation and potential legal issues. You can also explain how addressing cyber security as part of the enterprise’s risk management program can generate income. For example, in a competitive bid, your cyber security program can give you an advantage by bolstering confidence and integrity in the eyes of the customer.
Today’s business is conducted in a connected world, and every company will face a cyber attack…it is no longer a question of if, but when. Help keep your top managers “in the know” and give them the proper quantity and quality of information they need regarding cyber security and IT risk. The senior executive team’s posture towards cyber security preparedness has consequences for the entire organization. Top management must be sufficiently engaged so as to wisely utilize the people, processes, and technology that mitigate these threats, and to fully integrate security goals with the business’s overall objectives.