According to a recent Forbes article, CEOs and Board Members don’t get cyber, they aren't being cyber leaders. They see the numbers associated with the cost of cybercrime, yet there is nothing in their playbook to help them guide their company through it, other than to ask, “who’s got this? Is this an IT thing?”
The issue is as basic as it gets.
If the leadership learns cyber, then the requirements go from vague and "someone else’s problem" to front and center. Any business with an online presence needs an internal leader addressing cyber; both by deed and by example.
Why aren’t leaders learning cyber workforce issues? The best analogy I can come up with is how Ronald Reagan learned foreign policy.
Reagan asked his aides to dumb down the topics as much as was necessary for him to understand them, but not more. Then, he asked them to create “lessons,” none lasting more than 10-20 minutes at a time, so he could make time to learn them in such a way that they fit into his busy schedule.
According to NASDAQ, more than 90% of corporate executives say they can't read a cybersecurity report and aren't prepared to handle a major attack. The market is begging for someone who can teach them, the way they can learn it.
A leader who takes ownership of cyber risk is a cyber leader who understands the needs of the users but doesn’t cut corners internally to keep information and devices secure. He leads by taking cyber training alongside his employees, and he complies with all corporate policies as if he were an entry level user, new to the company. He doesn’t ask to be made an exception to the online filtering rules, scanning rules or backup requirements. He does exactly what he expects his users to do as he leads by example. He knows that his account, after all, is the one that the hackers are most likely going to target.
He is also getting feedback not only from his employees and customers but from the vendors he trusts who keep him safe. He is aware that the bad guys need not invest either much time or much money to end his operations, as he knows that only one bullet will kill him and all that he has built. And he is aware that the bullet can be fired from a place so far away that there is no chance of revenge or restitution for his suffering. He knows that the criminal will get away with their act, and he won’t be able to do anything to prevent it from happening a 2nd time if he doesn’t make it a prioritize from making it happen the first time.
Without a cyber leader, every company’s future is compromised. Are you going to be a cyber leader?
The Network Team is hosting a Cyber Security Seminar specifically targeting small business leaders. Learn more and register by clicking below.