Gone are the days when a CEO only had to worry about typical business challenges such as innovation, growth, or market share. While they remain very important, new challenges have emerged that can have an impact on the success or, indeed, failure of a business. Cybersecurity is one of them, and it’s easy to see why.
Reports on cyber attacks and data breaches are hitting the headlines quicker than we can assimilate the news. Government officials and industry experts warn against complacency and urge us to take action. Yet the lack of a top-down approach to cybersecurity – i.e. action that is driven by the CEO – seems to be hindering progress as we continue to witness more organizations suffering.
The following are a few cybersecurity issues C-level executives should be concerned about.
The cybersecurity domino effect
A recent RedSeal survey revealed that most C-level executives in the US readily acknowledge that a coordinated assault launched by sophisticated cyber criminals would wreak havoc on their own business operations and hurt their brands, and potentially affect related companies – even entire industries.
In a row of dominos, knocking over one domino piece will almost inevitably lead to the last one going down, just as one successful attack on one network can lead directly to attacks on different networks in diverse but connected sectors of the economy.
According to the RedSeal report, 74% of executives acknowledge that cyber attacks on networks of US organizations can cause “serious damage or disruption,” and 21%, admit to fears of “significant damage or disruption.”
Almost 80% of respondents admit that such attacks can inflict “serious impacts to business profitability and growth,” and bring about “serious brand damage”, while 45% say that such events will lead to a “big hit on employee productivity.”
More than 43% of executives also predict business downtime, while more than 41% fear “internal/organizational disruption or chaos.”
Asked what other areas might be affected by the “resulting ripple effects of cyberattacks on one network,” 64%, cited “further business-related security vulnerabilities”, 56% cited “national vulnerabilities,” and 59%, agreed with the possibility of a security domino effect.
The cost of data breaches
With data breaches showing no signs of slowing down, C-level executives should be particularly concerned about what a data breach would cost them.
The costs of data breaches are forecast to quadruple over the next four years to $2.1 trillion according to new report from Juniper Research (The Future of Cybercrime & Security). As the leak of customer data is a major consequence of a data breach, firms are likely to be paying a high price. According to the 2014 Data Breach Study, US companies had the highest average cost of data breaches at $201 per record, and also experienced the most expensive data breaches at $246 per compromised record for breaches caused by malicious or criminal attack.
A data breach is likely to have serious implications on your revenue and profits. Smaller organizations that don’t have the financial resources of big corporations may find it difficult to recover.
US companies have suffered some of the worst data breaches in 2013 and 2014, leading to the compromise of 348.16 million records. Retailer Target, one of the high-profile victims of these breaches, suffered an estimated $148 million loss from the breach. Moreover, Target’s earnings slid 46% after the breach. Damaged reputation, withdrawal of investors and loss of customer trust could have a direct impact on company revenue.
Putting cybersecurity on the board agenda
While C-level executives are not expected to implement cybersecurity themselves, they need to understand the implications of cybersecurity risks to their organization. Ensuring the adoption of cybersecurity best practice, such as ISO 27001, should be their responsibility. It will also enable them to promote a structured approach to cybersecurity management and establish a clear line of accountability.
Selling cybersecurity to the board
If you’re tasked with implementing better security practices throughout your organization but find yourself lacking the necessary support, then you should read Selling Information Security to the Board – A Primer, which explains how to get board-level backing for information security initiatives.