A recent survey by Oxford University and the UK’s Centre for the Protection of the National Infrastructure found that concern for cybersecurity was significantly lower among managers inside the C-suite than among managers outside it. A cyberattack is a serious problem for an organization and has financial consequences. In a 2014 study by the Ponemon Institute, the average annualized cost of cybercrime incurred by a benchmark sample of U.S. companies was $12.7 million, a 96% increase in five years. According to the US Department of Defense, intrusions into critical U.S. infrastructure have increased 17x over the past three years. The time it took to resolve a cyberattack had increased by 33%, on average, and the average cost incurred to resolve a single attack totaled more than $1.6 million.
When a company’s CEO doesn’t take cybersecurity threats seriously, neither will the rest of the company. A common perspective is that cybersecurity is primarily the responsibility of the IT department. However, after cybercriminals stole Target’s customers’ information, the CEO Gregg Steinhafel was ousted.
“This should be a harbinger for CEOs and board members of companies large and small. The cost to Target for the data will be in the billions by most estimates. Even for CEOs who do not report to outside boards, the cost of a significant data breach, particularly if not covered by insurance, could cost them their company,” writes author Eric Basu in a recent Forbes article.
In the wake of the Equifax hack that exposed confidential data from just about everyone in the United States, the CSO Susan Mauldin and CIO Dave Webb “retired,” followed shortly thereafter by the “retirement” of CEO Richard Smith.
Uber’s database was hacked, exposing 57 million customers and drivers, and the company concealed the news for a year, then forked over $100,000 to cyber thieves. Uber CSO Joe Sullivan and Craig Clark, the company’s legal director of security and law enforcement, got the attackers to sign non-disclosure agreements, and both were fired. Company CEO and founder Travis Kalanick also knew, but had been fired already by the time this incident came to light.
A secure network is a sign that a CSO is doing their job right, even if it’s hard to notice. It’s not exciting when nothing happens. But when something does happen in security, that’s usually really bad and a great way to get fired, along with the CEO.
Chief executives must marshal their entire leadership team – technical and line management, and human resources – to make people, principles, and IT systems work together. Each person must be armed with the requisite knowledge to make informed decisions about cybersecurity – not just an understanding of the basic concepts. Executives must have an in-depth understanding of the technical concepts of enterprise IT security. With this knowledge they will be better equipped to provide policies for the entire enterprise that will keep intellectual property and customer data secure and prevent the headlines that no one wants to see.