Every business leader understands that, when it comes to cybersecurity, the stakes are extraordinarily high. CEOs tend to take notice when they read headlines about yet another big-name company being victimized by a massive data breach or about industry forecasts suggesting that the annual cost of crime losses and damage will hit $6 trillion by 2021.

However, does that mean top business leaders have meticulously prepared their organizations for a virtual worst-case scenario? The short answer: No.

In fact, a report by insurance firm Hiscox revealed that 73% of 4,100 organizations surveyed were not well-prepared for a cyber attack. And this is not because organizations are failing to invest in security — in the same survey, 72% of firms said they will increase spending on cybersecurity in the year ahead.

The first statistic above brings to mind the old saying that the first step to solving a problem is admitting that the problem exists. The second stat connects to the idea that trying to spend one’s way out of a problem is not the same thing as a solution.

The challenges include the fact that:

  • Strong cybersecurity demands strong leadership from the top; however, most CEOs are not cybersecurity experts, and the technical nature of the subject matter can sometimes make discussions about it feel like a foreign language.
  • Communication between the CEO and top IT security staff needs to be stronger.
  • Finger-pointing is not uncommon when things go wrong.
  • Every employee in every organization is a potential weak point but also a cybersecurity defender.
  • The nature of the threat evolves continually as attackers come up with ever-more sophisticated strategies to commit wrongdoing.

So what can business leaders do to make sure they are truly walking the walk when it comes to effective cybersecurity leadership rather than just going through