CEOs should also work with their IT department to develop a measurement system and dashboard metrics that CEOs can check easily and frequently to stay on top of data safety. Boards are increasingly asking questions about data security, and CEOs should be prepared to answer them.
TO TELL OR NOT TO TELL
With the proliferation of data breaches and the variety of their seriousness, some CEOs also are pondering the question of whether to disclose such incidents to the public. Public companies “are required to report breaches likely to affect investor decisions,” according to The Wall Street Journal. Other than what is deemed legally necessary, CEOs are “questioning the prevailing view that companies should always notify customers, vendors and authorities after a breach.”
The reason: going public could expose weaknesses that others could exploit. And banks usually reimburse customers for fraudulent credit-card charges whether the hacked company goes public or not. But what about the hit to a brand’s reputation over lack of transparency should they not report such a cyber breach? Sometimes customers can speak louder with their wallets than anyone else.
Also, in today’s market, consumers may be more accepting of the risk. “Consumers might not love having their data breached, but they may be getting used to it,” reported Marketing Daily. While Target has been hit hard by the aftershocks of its breach, the impact on the perception of Home Depot and JPMorgan Chase brands was successively less after they reported their own cyberattacks, according to the YouGov Brandindex.
“Consumers have concluded that companies, even if they are diligent, cannot guarantee security,” YouGov Brandindex CEO Ted Marzilli said. “So until one of these data breaches is accompanied by large-scale theft or some other shock to the system, the impact on brand image of a single event is likely to be modest.”
That is not an excuse to ignore the perils, however and CEOs, as part of their leadership responsibilities, should ensure their IT department has the tools and the knowledge needed to do all they can to deflect hackers. No CEO wants to be the feature of the next cyber breach story.