Close this search box.
Close this search box.

Cyberattacks: Not If, But When

medieval knight in armor with a sword and shield in comes out of the virtual screen. creative cyber security concept
You can’t be bulletproof, but you can be armed for battle.

Tim Gallagher spent 22 years in cybersecurity at the Federal Bureau of Investigation, ending up as special agent in charge of the busy Newark, New Jersey office. His job included telling large corporations their computer systems had been hacked by foreign actors—information the FBI often gets from other government agencies.

“I can’t tell you the number of times I have been involved in investigations where I’d go into an enterprise and say, ‘You have a problem,’ and they’d say, ‘No we don’t,’” Gallagher says. “I’d tell them: Keep looking.”

Damage Control

Now head of digital investigations at global investigations firm Nardello & Co., Gallagher tries to keep his clients from getting an unexpected visit from the FBI. That means training C-Suite executives to recognize the multipronged risk cyberattacks pose to their organization and oversee the efforts of the chief information security officer, or CISO, to guard the network and respond to attacks.

The damage hackers can wreak on a corporation isn’t limited to ransomware, as devastating as that can be. (Ask the City of Baltimore, which had to shut down computer systems, including at the City Council and Public Works, during a weeks-long ransomware attack in 2019.) Cybercriminals increasingly are engaging in another form of extortion, where they threaten to leak your internal data to the dark web or a public “shaming site” unless you pay up. Reputational risk is a concern, too: The big corporate law firm Covington this year was ordered by a federal judge to turn over client names to the Securities and Exchange Commission after hackers scraped potentially market-moving information off its servers.

“Everybody’s going to get hit,” Gallagher says. “The idea is if you do get hit, you figure it out as soon as possible. Catch the breach before it becomes a major breach.

”That could mean preemptively shutting down entire computer networks, as Colonial Pipeline had to do in 2021, triggering lines at gas stations around the East Coast. It also probably means engaging crisis communications experts to explain the attack internally to employees and externally to customers, vendors and the public.

What to Ask

The important thing is not to wait until a cyberattack to prepare for it. Nobody expects the chief executive to be an expert on network security but the CEO’s job does include working closely with the CISO to make sure plans are in place and updated frequently.

Questions a CEO must ask include: Is vital data being stored offsite, and how often is that offsite data tested to make sure it isn’t infected with malicious code? What’s the planned response to a cyberattack? Are you testing the plan? What changes are made after a test? “The CEO should be part of those tests and the plans,” Gallagher says.

All this planning can have an impact on the bottom line. Many companies lay off the risk of a major attack by purchasing cyber insurance, but premiums are going up and they’re sensitive to a company’s record and compliance with security standards. Gallagher says Nardello & Co. is seeing some companies dropped by their insurers after several breaches.

Back in the good old days—like a year or two ago—the most common form of attack, “phishing” emails, could be spotted because foreign actors made mistakes in grammar and spelling. Now hackers are using artificial intelligence to construct more authentic-looking emails and machine learning to launch persistent attacks on their targets.

“The good news is the good guys have AI as well,” Gallagher says. In the endless war against cyberintruders, companies are using AI to create programs that detect attacks and deflect them before the real damage occurs.


  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events


    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)


    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.