CEO Lessons Learned from a Severe Cyber Attack

Harding had to endure a series of painful television interviews where it quickly became clear that she had no idea who the attacker or attackers were, how many of the company’s 4 million customers had been affected and what kind of security risks they faced.

‘They have been rather unkindly described as the hostage videos,” Dido told Management Today of the media coverage. “I really don’t look my best, and they do look as though I was being held prisoner in a DIY store.”

Harding’s frank admission comes as studies show CEOs aren’t taking cyber attacks seriously enough—and aren’t prepared for the public fallout when they occur.

A recent survey commissioned by security firm Tanium of 1,530 senior executive and nonexecutive directors in the U.S., UK and Japan found that more than 90% could not read a cybersecurity report and were not prepared to handle a breach.

Even more surprisingly, around 40% of respondents said they didn’t feel responsible for the repercussions of hackings.

But company leaders will be held responsible. And that’s something Harding had to find out the hard way.

“We thought we were taking it seriously, outside experts were telling us we were taking it seriously. Patently we weren’t taking it anything like seriously enough,” she told Management Today.

“One thing I think I know more keenly than any other British CEO is that every single one of us is underestimating the importance of cybersecurity.”

Harding isn’t the only executive to be recently taken off guard.

Swift CEO Gottfried Liebbrandt told the Wall Street Journal in June that his outspoken fears of a cyber attack still didn’t prepare him well enough for a series of security breaches at the funds transfer platform.

As outlined in Chief Executive, CEOs can take a number of steps to prevent cyber attacks, including continuously updating software, encrypting all data and using ad blockers.

But they’ll also have to be prepared for the worst.

And Harding, at least, has no regrets about coming clean with the public,.

‘If being open and honest with my customers is naive then it’s fine with me,” she said. ‘I’m still here, living proof that sometimes it’s OK to admit to your fallibility.”