Why cyber security strategy conversations must happen in the boardroom

Posted by HTG

More than 80 percent of UK senior managers rate security as a ‘very high’ or ‘fairly high’ priority. On the surface, this is a promising statistic.

But there’s a difference between board members acknowledging that cyber security is a priority and treating it as a priority.

If you’re unsure where you sit, ask yourself this: do you really give cyber security the attention it deserves in your board meetings?

The hard truth

Forty-nine percent of surveyed IT decision-makers claim their C-suite treats cyber security as an IT issue, not a business issue.

Worse, 60 percent of these respondents believe their C-suite will only take action if:

  • Their organisation experiences a data breach.
  • Their customer base demands better security.

You may wonder why this concerns you. After all, you’re no tech expert. And you’re already allocating money to the IT department. Isn’t that enough?

Well, throwing money at a problem isn’t always the answer.

As an executive, you set the standard for how your employees should behave. That includes behaviours around data security, password usage, and shadow IT.

So, if you don’t treat cyber security as a priority, neither will your employees. Considering the fact that 52 percent of businesses view their own employees as their biggest IT security risk, this could spell disaster.

What are you going to do about it?

Once you understand that cyber security is a high-priority boardroom issue, you can plan your route forward. And, in turn, bolster your organisation’s resilience.

With that in mind, here are three ways you can encourage cyber security strategy conversations in your boardroom:

1. Research recent cyber security risks

Only 50 percent of IT leaders believe their C-suite fully understand cyber risks.

You’ve no doubt read about phishing emails and cyber criminals. But do you know how common these risks are? Or how they could affect your business?

In 2021, 66 percent of organisations experienced ransomware attacks. These businesses only received 61 percent of their data back, even after paying the ransom. But this is only skimming the surface - there’s a world of growing cyber risks out there.

With a little bit of research, you’ll discover that a proactive cyber security strategy will help you detect these risks, prevent data breaches, and better secure your workforce. This, in turn, will reduce the risk of hefty data breach fines, reputational damage, and lost productivity.

To gain a better understanding of the current cyber security landscape, we recommend reading authoritative cyber security blogs and research papers.

2. Listen to your IT leaders

Twenty-one percent of CISOs say they have minimal contact with their CEO.

But even those who do maintain contact with the C-suite don’t always hold successful conversations. In fact, over 80 percent of IT decision-makers feel the need to downplay cyber risks.

You have the power to change this.

Talk to your IT leaders. Make time for them during your board meetings and listen to their concerns.

3. Change your company culture

Did you know that 31 percent of UK organisations experience at least one cyber attack a week?

If there’s a large communication gap between business and IT within your company, now’s the time to close it.

To firmly embed security into your company culture:

  • Invest in regular awareness training sessions or phishing simulation tasks.
  • Determine cyber security metrics and KPIs.
  • Request monthly cyber security reports from your IT leaders.
  • Benchmark your security against industry standards.

Champion your cyber security strategy

Cyber security isn’t merely a problem for your IT department to deal with. Nor is it solely your problem.

To mitigate risks and increase your organisation’s resilience, everyone in your company must buy into your cyber security strategy.

But before that can happen, your C-suite must treat cyber security as a priority.

So, think of this blog post in your next board meeting. And remember: change begins with you.

If you’d like help assessing your organisation’s cyber security strategy, get in touch with the HTG team.
