Cyberhackings Create New CEO Responsibilities

As we approach the one-year anniversary of the data breach at Target, cyberhacking has CEOs’ attention like never before. Here are some ways for CEOs to ensure they are doing all they can.

Perhaps the biggest difference from a year ago is the sheer number of attacks. While only an occasional news item pre-Target, hackers are getting smarter and data breaches are happening every couple of months. Organizations falling victim in 2014 have included Home Depot, Kmart, Dairy Queen, JPMorgan, Supervalu, Goodwill, Neiman Marcus and, most recently, Staples.

“CEOs should lead strategic exercises to test every possible way that a cyberhacker could get into a system and then work to prevent that opportunity.”

The risk is much higher now, and with the ultimate responsibility for the brand, the reputation and the bottom line, there’s no doubt that the responsibility for ensuring their companies can prevent a breach rests firmly in the CEO corner.

The ideal breach situation is to have no breach at all. CEOs should look closely at their IT budget and ensure that security technology is regularly updated. When looking for places to trim the budget, data security is one area that not only should be left alone, but for many, should be increased, for the cost of a technology upgrade is much less expensive than the cost of a breach.

Rebecca Scorzato, director of crisis and security consulting, recommends that, to help prevent a breach, CEOs should lead strategic exercises to test every possible way that a cyberhacker could get into their company’s system and then work to prevent that opportunity. Having been thoroughly practiced, such a plan can be kicked into motion quickly should companies become the victim of a cyber breach.

These exercises should include “all necessary internal and external resources,” Scorzato told Security Week, such as IT, finance, HR, customer service and facilities. It’s important for the CEO to hear from each department what is needed to both prevent and fully recover from a breach. “It’s a mistake to treat this is as an IT-readiness exercise,” Scorzato says. Rather, “it’s an organization-readiness exercise.”


  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events