Challenging your organisation: 11 cybersecurity questions CEOs need to ask
It is increasingly clear that cybersecurity is a key factor in a company’s performance, reputation and valuation. This point is brought home in The Cyber-Value Connection report published by CGI in the UK, which quantifies the connection between a severe cyber breach and damage to company value. Adverse publicity around breaches puts cyber risk increasingly on the radar for investors and regulators. As a result, cyber is a critical issue for boards of directors and CEOs. Yet, few have the expertise needed to develop plans to protect their organisations. (Read more in CGI’s 2016 study, Cyber security in the boardroom: UK plc at risk.)
But this situation will change. Board members will face increasing pressure to consider cyber risk, and it will influence how their personal performance is assessed. Expectations will fall heavily on the CEO who, in the event of a cyber incident, will face questions from the media, customers, employees and investors. It is likely that we’ll see more CEOs forced to resign as a result of a cybersecurity breach.
Making the case for robust cyber governance
What companies need first and foremost is a strong cyber governance structure. Board members can take the first step toward this goal by challenging their organisation on cyber issues. Senior executives need to understand what they know (or don’t), where there is confidence (or isn’t), and where plans are prepared (or aren’t). With these answers, they can build the expertise, personnel and governance needed to anticipate and manage breaches effectively.
Here is a small collection of questions that a CEO might ask their organisation. They are not intended to be a technical checklist; rather, they are meant to elicit responses whose degree of confidence will, in turn, reveal the real state of preparedness.
The scale of cyber risk may be intimidating, but these threats can be mitigated like any other risk: with strong leadership, sound governance, adequate preparation and planning. It all starts at the top, and the CEO sets it in motion. Learn more about asking the right questions in our report, The Cyber Value Connection. You can come meet me and listen to my speech at the Cyber Security Executive event on the 14th of November in Helsinki.