It appears a steady stream of high-profile cybersecurity breaches is finally drawing the attention of senior IT and business leaders it deserves.
A survey of senior leaders at more than 300 global companies polled on behalf of Meet the Boss, a virtual roundtable platform that is an arm of GDS Group, a market research firm that host events, finds cybersecurity is both their top priority and the area where leaders feel their knowledge is most lacking.
When asked to rank priorities on a scale of one to ten, cybersecurity achieved the highest score of 9.0, followed by cloud strategy (8.5) and digital transformation (8.4). Of course, all three of those areas are closely connected as IT organizations look to transform not just IT but also how they operate as a business.
The biggest gap between the relevance/importance of a topic and the level of knowledge felt by respondents was IT security, with knowledge of the topic attaining a 7.2 ranking. Cybersecurity teams would be well advised to focus on closing the cybersecurity knowledge gap among senior IT and business leaders as quickly as possible. In many cases, decisions on which the future of the organization are now being made without fully appreciating all the cybersecurity implications. The goal should not, however, be to abandon these initiatives as much as it is to encourage leaders to proactively mitigate potential risks.
Business leaders have, of course, been balancing risks versus rewards ever since caravans began crossing deserts. The real issue today is too many leaders still don’t really appreciate the level of risk to the business that cyberattacks really represent. It’s not intuitively obvious to the average person how some hacker halfway around the world that no one can see could disrupt, even destroy, an entire business.
There may be plenty of headlines involving data breaches in the last year. However, hearing about a breach is one thing. Really understanding the methods cybercriminals employed to create that breach is another matter altogether. One thing a cybersecurity team might want to consider is inviting company leaders to participate in a series of online exercises to show just how easily a business can be derailed by a series of crippling cybersecurity attacks.
At the very least, cybersecurity teams should be briefing corporate leaders in simple layman terms on the anatomy of how some of the most recent high-profile cybersecurity breaches were accomplished. The easier it is to understand how a breach occurred the less likely it becomes a corporate executive will view cybersecurity as some sort of dark art that is beyond the scope of their ability to influence.
Regardless of education medium, it’s clear there’s a real appetite among senior leaders for cybersecurity education. Previously, many of those same leaders paid lip service to cybersecurity but always tended to leave the details to someone else in the organization to handle. It’s not likely senior leaders will become cybersecurity experts any time soon, but it’s clear major shareholders of the organizations are no longer willing to accept ignorance as an excuse. Accountability for cybersecurity has finally come to the C-suite.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.