The C-Suite is ultimately responsible for failures of a company’s cyber security. A recent example of this is how Target’s CEO, CTO, and several Board Members were pushed out in the wake of its data breach.
SEE BELOW FOR EVENT REGISTRATION!
This puts leaders in a difficult position. It is almost a statistical certainty that every company will suffer a data breach sooner rather than later. Does that mean that most C-Levels and Directors are on the verge of losing their positions because of a data breach? Does it mean that their careers and future are now out of their control?
No, it does not have to mean either of those things. There are steps leaders can take to help minimize the risk of these things happening, both to themselves and their companies.
Leaders will be Judged, but by What Standard?
Because statistics show that virtually all companies will eventually suffer some form of data breach, the standard by which their leadership is judged is not whether their company did or did not suffer a data breach. That is now a given.
Rather, the standard is whether, prior to a breach, the company had taken reasonable steps to protect its systems and data and whether it made appropriate plans to respond and mitigate the effects of such a breach.
Because the risk is foreseeable, the question is one of preparation. That is, did the leaders act reasonable in preparing their companies now that they are aware of the risks their companies face. If they did, they have much better odds. If they did not, they will be judged harshly.
How can leaders help prepare their companies for these challenges?
The 3 Steps
To prepare their companies, the C-Suite must show leadership on this issue by setting a tone for the company and establishing a culture of compliance when it comes to cyber security. This must come from the top down. There are three steps that leadership can take that will help create that culture:
- Leadership must truly care about cyber security and the digital business risks their company faces;
- Leadership must show its concern and commitment by dedicating appropriate resources for cyber security and minimizing digital business risks; and
- Leadership must listen to those responsible for, and who work most closely with, cyber security issues. By listening, leadership reaffirms its concern and commitment to a culture of compliance for cyber security. Leadership also increases its knowledge and understanding of the nature of the cyber security threats and the digital business risks the company faces.
Where Can Leaders Start?
The starting point for members of the C-Suite and Boardroom is to gain a better appreciation and understanding of the risks their companies face. There is a great opportunity for them to do this by attending an upcoming seminar sponsored by the North Texas Crime Commission.
The seminar, Strengthening the Weak Link: Cyber Security Essentials for the C-Suite, will be held at the George W. Bush Institute at Southern Methodist University on October 16, 2014.
The keynote speaker will be Tom Ridge, former Secretary of Homeland Security. There are several other notable speakers who will be sharing their knowledge of these risks, including members of the cyber units of the FBI, Secret Service, United States Department of Justice, and many others.