It’s time for a paradigm shift in the way we view cyber security…
- Published: Friday, 15 November 2019 10:23
Effective cyber security begins in the boardroom: organizations need to adopt a top-down approach to cyber security if they are to successfully navigate today’s hostile digital landscape, says Paul Rose.
The organizations I speak to are all too aware of the risks they face, whether from rogue internal operators, ever more sophisticated email attacks, ransomware, or any number of other threat vectors that could – if exploited – result in serious financial, operational and reputational damage.
The threats are known, documented and evidenced. But the fact remains that even mentioning ‘cyber security’ in the boardroom can elicit eye rolls, shuffling in seats and muttered excuses to leave. Cyber security is viewed as a necessary evil; a distraction; something for the IT department to worry about.
These outdated attitudes need to change. Cyber security is not the ‘Department of No’.
Effective cyber security requires continual top-down engagement throughout the organization, and that starts in the boardroom. Cyber security needs to be put on the executive agenda; it should be placed in the context of the continuing success of the firm in terms of the impact of any breach.
The importance of awareness
The Department for Digital, Culture, Media & Sport’s Cyber Security Breaches Survey (2019) found that embedding knowledge and understanding of cyber security within management boards is a strong driver of behaviour change, but only just over a third of businesses (35 percent) have a board member or trustee with specific responsibility for cyber security.
Awareness is vitally important, but education needs to remain punchy, clear and concise: in my experience we’ve found that implementing robust cyber security is 30 percent education and 70 percent buy-in. Executives will ask ‘why should I care?’ – you need to be able to make them aware of current risks and relate these back to your business to highlight their relevance.
Get it right and the conversation in the boardroom will shift towards the benefits that cyber security can bring. Ultimately, good cyber security practices enable an efficient and productive business environment: far from being the ‘Department of No’, effective cyber security goes hand in hand with an organization’s financial, operational and reputational success.
Continual training and investment
The truth is there’s no silver bullet when it comes to making your organization safe from cyber threats. No one piece of software, staff training programme or cyber security review will deliver end-to-end protection. You can’t just throw some money at the problem and hope it goes away. Cyber threats keep evolving, so cyber security requires an ongoing, iterative strategy with regular reviews across the organization.
Continual training and investment is an essential element of any organization’s cyber security posture. That doesn’t mean it should be overly cost-intensive, though. By engaging with a trusted cyber security partner that can benchmark your cyber security maturity and support you through a structured, actionable risk mitigation plan, you can keep costs predictable and deliver tangible ROI on your cyber security spend.
About the author
Paul Rose is chief information security officer at Six Degrees, a cloud-led managed service provider that works as a collaborative technology partner to organizations making a digital transition. www.6dg.co.uk