In the past, cybersecurity was a concern relegated to the IT department. But given how likely their organizations are to be a target for hackers, C-suite leaders are realizing that they too need to address their organizations' digital defenses. According to a 2016 IBM report, executives generally recognize cybersecurity as a top priority, but they share misconceived views on threat sources and effective approaches.
It's critical that top management become more involved in online security issues, but in order to effectively contribute, they'll need to change their current mindset; here's how.
The Origins of Cybersecurity Threats
Executives have correct assumptions about some aspects of cybersecurity. For example, 51% estimate a one-in-four chance of a data breach, consistent with what some evidence suggests. Overall, though, they do have some misinformed views, which is understandable since their job is not to be the tech experts and they often lack the time to read up on current cybersecurity news. One of their challenges, as a result, is obtaining high-quality information regarding the digital protection of their companies.
Concerning misconceptions, top management tends to misjudge the source of cyber threats. 70% of the IBM study participants thought rogue individuals were the biggest cybersecurity danger, followed by organized crime, with industry competitors in third. The reality, however, is that lone actors tend to be less sophisticated than other threats. Malicious insiders and state-sponsored actors are, in fact, a greater risk.
Collaboration at the C-Suite Level
Cyber criminals succeed by sharing secrets in the dark; to combat their efforts, businesses should work with other members of their industry. But executives are resistant to sharing sensitive information such as vulnerabilities with other companies—68% of CEOs acknowledged a reluctance to share incident information externally. While this may seem reasonable, doing so will actually help more companies stay aware of new and ongoing vulnerabilities and threats. If hackers gain strength through collaboration, so too should companies.
Collaboration on cybersecurity within an organization is often lacking as well. 62% of Chief Finance Officers (CFOs), 57% of Chief Marketing Officers (CMOs), and 59% of Chief Human Resource Officers (CHROs) have stated that they don’t participate in C-suite discussions about security threat management activities. This is important, given that these executives are ultimately the stewards of financial, customer, and employee data—the types of records highly sought after by hackers. By working together to establish community defense with information sharing, companies can detect breaches at an earlier stage, provide insight on security vulnerabilities, and let others know about new threats, all of which can help ensure the outright prevention of cyber attacks.
For C-suite executives to make a meaningful impact on their companies' digital safety, they need to perform regular security risk assessments, make cybersecurity training mandatory for employees, and work with others to deter hackers. Bolstering their in-house teams with network security monitoring will also help ensure full defense against future threats.