Technology is at the center of today’s business world. After all, we live in a time when many employers encourage employee advocacy on social media and global e-commerce sales are expected to reach $3.563 trillion.
Though the increasing digitization of business opens up many new opportunities for executive leadership to improve company efficiency and profitability, a key challenge still remains: cybersecurity.
If your executive team doesn’t give cybersecurity the emphasis it deserves, a single attack could easily wipe out all of your previous efforts to build a successful business. Be on the lookout for signs that indicate your team isn’t giving cybersecurity the emphasis it deserves.
They’re Ignoring the Impact of the Internet of Things
Cybersecurity challenges become increasingly prevalent as more “Internet of Things” (IoT) devices take hold in the business world. From manufacturing and farming equipment to printers and appliances, more and more devices are using artificial intelligence and internet connectivity to streamline business and personal tasks.
The problem is that many of these devices are woefully vulnerable to a security breach. If your team isn’t making an effort to secure (IoT) devices, your company is at risk. Consider for a moment the below data, published on an infographic from IT security venture, Cloud Management Suite:
• There were 8.4 billion IoT devices in use in 2018.
• This number is expected to reach 20 billion by 2020.
• 6% of all IoT devices are used for business-related tasks.
• Unsecured IoT devices can experience as many as eight DDOS attacks per day.
• Shockingly, the average successful cyberattack will cost a business $1.7 million.
The adoption of IoT devices isn’t a bad thing. But if your executive team is constantly introducing new connected devices without accounting for appropriate security measures, you could quickly have a problem on your hands.
They Can’t Answer Basic Cybersecurity Questions
In 2018, the United Kingdom’s National Cyber Security Centre (NCSC) created a list of five questions that it determined corporate executives need to know the answers to in order to fully understand their cybersecurity risk.
The questions cover topics that may seem basic to those in the know: phishing attacks, control of privileged IT accounts, keeping software and devices up to date, using authentication methods and ensuring that information shared with business partners is protected.
While these questions may seem quite basic to those who understand cybersecurity, many C-Suite professionals are alarmingly unaware of these basic elements.
In fact, the State of Email Security 2018 report revealed that nearly 40 percent of IT professionals cited their CEO as their weakest cybersecurity link, with c-suite executives being more likely “to accidentally send sensitive data to the wrong person” than general employees.
If your executive team doesn’t know the basics, they are far more likely to cause a breach.
They Think Cybersecurity Is IT’s Problem
Part of the reason c-suite executives often contribute to cybersecurity breaches is because they don’t fully understand their company’s risk. They think the IT team will handle everything, alleviating them of any responsibility in the matter.
As ZDNet’s Danny Palmer writes, however, “The C-Suite needs to be able to understand and answer these cyber security issues — and drive strategy forward based on what they find … The board needs to have a grasp on both business risk intelligence and cyber threat intelligence to the extent that they’re aware of the potential threats to the organization and the weak entry points which could be used by attackers to get into the network.”
Only when your c-suite team understands their responsibilities toward cybersecurity will they be able to make sound budgeting and strategy decisions. Small daily actions will ensure that security efforts don’t go to waste.
Take time to gauge your c-suite’s attitudes toward cybersecurity, including their responsibilities toward mitigating risk. If they assume they don’t need to worry about anything because “IT handles it,” they won’t take the basic steps to prevent causing a breach themselves.
They Treat Cybersecurity as a Finite Problem
As with so many other business activities, cybersecurity is not a “set it and forget it” function of the business. Just like customer acquisition and supply chain management, cybersecurity efforts must be ongoing.
However, a report from the Harvard Business Review noted that many executives view cybersecurity as a finite issue. This mindset is easily discernible in decision-makers’ attitudes toward their cybersecurity investment.
As the report explains, “They may assume that complying with a security framework like NIST or FISMA is sufficient security — just check all the boxes and you can keep pesky attackers at bay. They may also fail to consider the counterfactual thinking — We didn’t have a breach this year, so we don’t need to ramp up investment — when in reality they probably either got lucky this year or are unaware that a bad actor is lurking in their system, waiting to strike.”
If you haven’t suffered a breach yet, c-suite leadership may become complacent and assume that what they currently have in place is enough. They become unwilling to listen to IT professionals who warn them that new threats are constantly emerging, and that as a result, cybersecurity requires a continuous investment.
If you want to keep your company’s assets and information secure in the digital age, a commitment to cybersecurity must start at the top. As you enact measures to ensure that each member of your executive team makes cybersecurity a priority, the rest of your staff will be more likely to follow this crucial example.