Cybersecurity and the C-Suite
Updated: May 10, 2022
When I am at a conference and asked what I do, and I start talking about what my company does, I often get the “deer in the headlights” gaze.
One of my biggest business challenges is explaining what cybersecurity and data privacy compliance is to executives and why it is important to their businesses.
Often the C-level has a rudimentary understanding of cybersecurity. They hear about data breaches in the news and hear the word cybersecurity a lot. Often the executives tell me their IT departments have “this handled.” Then I ask more probing questions about their cybersecurity policies or their incident response process or when they last did a security audit check, and that is when the executive visibly gets uncomfortable. And I know why. It’s because their organization does not have cybersecurity handled.
In CIO Review, in his article “Why the C-Suite Must Embrace Cybersecurity,” Chris Riley, President of U.S. Operations, SSH Communications Security, writes:
“It is a potentially disastrous mistake for executives with non-technical backgrounds to simply assign responsibility for cybersecurity to the chief security officer, chief information security officer or IT team. C-suite executives might see the iceberg ahead, but do they really understand the size of the problem below the surface?”
Because executives lack an understanding of cybersecurity, they defer to their IT staff. Often executives and operations management have the misconception that their IT staff are also cybersecurity experts, which leaves many companies and their customers exposed to everyday security threats. This vulnerability can be costly.
Riley further states, “As we have seen in recent headlines, a particularly bad public data breach can ruin a CEO’s career. As enterprises and government agencies are required to follow NIST and other cybersecurity guidelines, more than just the CEO will be targeted for replacement.”