Despite that danger and the risks faced by every business, cybersecurity often takes a back seat to other company needs that are perceived to be more critical by senior executives.
Last year alone, the average cyber attack cost enterprises in North America about $1.3 million per instance. Cyber attacks on small to medium-sized businesses cost over $117K.
Considering 85% of businesses have experienced a security breach of some sort (whether they know it or not), the amount of money spent on recovering from these attacks is staggering. Why aren’t businesses stopping cyber attacks before they happen?
Stopping a cyber attack before it happens is incredibly difficult if cybersecurity isn’t a priority for a business. How do you make cybersecurity important, though? The answer is simple: the only way to make cybersecurity important is to discuss it frequently at the boardroom level.
Why at the boardroom level? The discussion needs to happen at the boardroom level because that is where a company’s decision-makers are. Those decision-makers are the ones that set a business’s agenda and decide what a company will prioritize and what it will leave off the schedule.
The absence of a good cybersecurity strategy can cause significant problems for a business. If a senior executive doesn’t believe it’s essential to develop a cybersecurity strategy, anyone else in the organization will rarely be able to establish one without support from the top.
Simply put, if cybersecurity isn’t a top priority for the decision-makers, it won’t be important to anyone else in the organization.
A recent study from Fortinet shed some light on the subject of just how unimportant cybersecurity is in certain situations.
The study showed that despite the ever-increasing rise of cyber attacks, 48% of the IT decision-makers polled felt cybersecurity was not a top priority in boardroom discussions.
Considering that one of the primary jobs of a senior executive is to mitigate potential business risk, it’s worrisome that the development of a strong cybersecurity posture for their business isn’t more of a priority, especially considering the damage a cyber attack can do to a brand’s reputation.
That damage to a company’s brand can include a loss in consumer confidence but also damage to investor and shareholder value.
When you put all of those things into perspective, it makes the idea of discussing cybersecurity more frequently in the boardroom all the more attractive.
That’s not to say senior executives have entirely ignored their business’s cybersecurity concerns. The same Fortinet survey mentioned above states that IT professionals saw an increase in cybersecurity interest from the boardroom after ransomware attacks like WannaCry and NotPetya took the world by storm.
While ransomware and malware attacks have been widespread and very newsworthy lately, stopping ransomware isn’t the only thing a senior executive should focus on when they decide to get involved with developing a cybersecurity posture.
That’s not to say stopping a ransomware infection isn’t essential. It is! However, it’s a decision made in response to a flavor-of-the-week kind of threat. A healthy cybersecurity posture needs to be proactive, not reactive.
Because cybersecurity gets talked about so infrequently at the boardroom level, it might seem like installing endpoint protection software is all a business needs to protect its intellectual property.
If the topic were discussed more often, the increased flow of information would probably make the need for other defensive strategies more apparent.
If you’re only focusing on removing malware from your endpoints, you will probably overlook closing the hole that allowed the attacker to install the malware in the first place (i.e., a social engineering attack).
Oddly enough, it’s senior executives who are the most targeted by attackers, but they may never learn a fact like that without taking the time to discuss cybersecurity at a higher level.
So how do we change the situation at hand? How do we start discussing cybersecurity where it matters? Start with a free cybersecurity risk scorecard. You can’t manage what you don’t measure, and a scorecard from Integris might be what it takes to get the cybersecurity discussion going in your boardroom.