Date: 2020-01-22

As companies integrate more and more new technologies in order to remain marketable and competitive, the risk increases that a cyber attack will disrupt operations or steal valuable data. Organizations often underestimate the number of cyber attacks they will be exposed to in a calendar year, and while they may have a basic level of cyber security, more needs to be done to ensure that cyber is represented at the highest level: the Board of Directors. This is the key to countering cyber threats, as cyber security must be integrated into the overall business strategy, and this can only be done from the top down.

Find the right person for the job

Too often we see companies, especially SMEs, that have no direct cyber representation at the highest level. The boards of large companies often don't hire cybersecurity experts. Instead, they choose to delegate this responsibility to a CFO or similar manager who typically manages the risk. However, the majority of CFOs generally focus on reducing costs rather than investing in risk management. Even if a suitable C-Suite member is responsible, many of them will be hired without previous cyber experience. As such, they are poorly equipped to provide the necessary leadership and make informed risk-based decisions.

Instead, cyber representation should be covered by a CTO, CIO, CSO or, better, a CISO. Whether this is a dedicated or a shared role depends on the size of the company. Not only can they explain to the rest of the board of directors the complex technical issues and challenges that can impact business operations, but they can also ensure that cybersecurity receives the resources and funding needed to protect the company properly.

Where there is a persistent shortage of skilled workers, a cyber leader also helps companies to hire and retain technical staff. A cyber leader with years of experience is respected, which improves the work ethic and overall job satisfaction of technical staff.

Set up cyber metrics

Developing a successful cybersecurity strategy leads to the broader question of how cyber is understood in the company with regard to its main risks. Many boards do not regularly review KPIs or other metrics, such as key risk indicators or board-level risks, and are therefore unlikely to understand how their main risks are managed. Some companies may not even know what their risk appetite is or what cyber threats their company is exposed to.

Without understanding these basic points, it is impossible for a company to react consistently to cyber threats and manage its risk. If the board cannot share this information, the practices followed will be based solely on individual employees' experience and their own sense of what to do.

Organizations can begin by assessing cyber maturity to identify the vulnerabilities in the organization that could be exploited by cyber threats – be it lack of staff training on best practices or the IT infrastructure itself. Once all the vulnerabilities are known, a tailored strategy can be created to address these issues and improve cybersecurity.

Event planning

As part of this strategy, companies must ensure that they plan for business continuity and disaster recovery. This is vital to prepare for potential incidents that could affect the company. Lately there have been many examples of system failures affecting large companies like Travelex, which emphasize the importance of companies preparing effectively for incidents. A major data breach can affect not only business operations, but also the company's reputation, especially when customer data is affected. A corporate cyber leader can significantly simplify the development of a proactive policy to resolve an incident, reassure customers, and protect the company's reputation.

Adopt a risk management approach

Having a CISO function in place that is authorized to make real changes within the company ensures a consistent approach to risk management. Strong governance cuts costs by reducing the number of incidents and standardizing tool sets across the organization. In addition, the CISO function provides the necessary evidence to support any investigation in the event of a data breach.

While it is not always possible to prevent a cyber incident from occurring, the number and extent of incidents are reduced significantly by ensuring that the CISO function works properly. This will also serve as evidence to demonstrate to the Information Commissioner's Office (ICO) or other regulatory authorities that the organization is doing the right thing, which can reduce or eliminate the fine in the event of a violation.

As an expert in this area, a cyber leader is key to helping companies understand, manage and mitigate the risks associated with doing business. Performing an assessment of cyber maturity and creating a results-based cyber strategy are important first steps to protect the company and to provide stakeholders and the rest of the board of directors with an understanding of the changes required. Ultimately, a cyber leader will set the tone for a company and work to protect the company’s reputation, finances, and assets.

Peter Barnsley, Director Cyber Security, 6point6

