Years ago, global organizations viewed security as a back-burner issue. Fast forward to 2016 and the vast majority of enterprises consider security to be of the utmost importance. Nowadays, organizational security actually draws the attention of executives and those who sit on the board of directors. This shift in priorities can be directly attributed to the seemingly never-ending stream of news stories about major corporations that suffer severe security breaches.
The Growing Importance of Security in a Web-Connected World
Safeguarding sensitive data will only prove to be more important as we march forward into the digital age. Computers and the World Wide Web have certainly improved the efficiency of operations, yet they also present opportunities for malicious individuals to gain access to organizations’ systems and pilfer data. According to Juniper Research, the cost of cyber crimes will total an astonishing $2.1 trillion by 2019. The financial cost of such digital attacks is precisely why so many executives are taking a proactive role in their firm’s cybersecurity. For many executives, cybersecurity has actually become a component of their fiduciary duties. It is imperative that anyone in an upper management/ownership role understand all of the risks involved with storing sensitive information on servers, computer hard drives and other digital equipment. Those who put an appropriate value on their company’s security will fully understand just how important comprehensive organizational protection is in the context of maintaining a competitive edge.
Take the Initiative
Progressive organizations that strive to stay ahead of the curve will constantly question whether their digital security standards are up to par. Companies will even find it prudent to go on the offensive in order to ward off potential attacks. After all, the livelihood of an organization is now tied to its ability to create and store digital assets/services in a secure manner. A growing number of companies like Wells Fargo, AIG and General Motors are appointing cybersecurity specialists to their boards of directors. Sure, adding cybersecurity professionals to the board is not absolutely necessary, yet it is a step in the right direction as an increasing number of digital threats arise.
Part of the Battle is Posing the Right Questions
Aside from constantly questioning their organization’s security safeguards, executives should also regularly meet with their CISOs and other digital security experts. These meetings serve as an opportunity to determine whether the company has allocated enough resources to protecting its digital assets. The typical CISO will ask for more assistance in the form of manpower and capital, yet they will also provide valuable insight regarding possible security shortcomings. CISOs also stay up to date on regulatory changes applicable to your company’s specific industry. Security standards should be continuously updated as the industry evolves and your organization develops.
CISOs should be able to coherently communicate how the firm’s security posture is designed to prevent hiccups that stifle operations. They should also be able to explain how the company’s data and IP systems are kept secure. Nowadays, plenty of companies rely on the cloud for data storage. Some companies are heavily reliant upon the IoT (the Internet of Things) for their operations. Your firm’s security professionals should be able to protect all company data and capabilities regardless of where they are stored or whether they are reliant upon outside support for operation. Furthermore, your organization should have a clear separation of duties in the context of security. If the CIO, CISO and risk and compliance officers are unclear as to who is responsible for certain aspects of security, there is a good chance that loose ends won’t be tied up.
CISOs Deserve Respect and Power
Adding a CISO to the board of directors will help your organization’s executives remain in the loop in regard to cybersecurity. More importantly, it will give these executives the opportunity to regularly pick the brains of their security expert(s). Merely bringing in a CISO for a yearly report will not suffice. Company leaders need a surplus of information to determine exactly where the organization stands in the context of digital security. The bottom line is that the input of a CISO at board meetings will prove quite valuable over the long term. The CISO’s presence will help company leaders gain a better understanding of the organization’s risk profile and determine whether the budget should be altered to improve security efforts.
Published On: 6th April 2016 by Ernie Sherman.