There’s a great disconnect within companies on the business value that comes from cybersecurity. The reasons are many; one of them is the lack of communication flow between the CEO and the IT department. The solution is to quantify cybersecurity in a way that shows the business value and advantage it brings to the company, so that the CEO and CIO can meet to talk about cybersecurity before a breach happens.
When we take a look at some of the latest statistics related to cybersecurity, we find one that stands out from the pack, one that puts a price on the lack of cybersecurity for organizations.
- The Ponemon Institute has found that the average cost of a cyberattack is around $5 million, including $1.25 million for system downtime.
For more than 15 years NCX Group CEO, Mike Fitzpatrick, has been working closely with a number of business CEOs and companies, some that employ 100-900 people, some smaller; yet the findings are always the same: the CEOs don’t want to talk to the IT department and the CIO doesn’t want to talk or doesn’t know how to talk to the CEO and C-Suite. This is why it’s not until companies get hit by a cyberattack that they make a bigger effort to talk to each other.
In our experience, it’s not that the CEO or CIO don’t want to talk about cybersecurity with transparency and arrive at an understanding; it’s that business value is thought of or expressed in different terms. Even when we look at major breaches, such as Yahoo’s breach, we continue to see the different focus that comes into play. Everyone is talking about accountability and the steps that are being taken now (after the breach), but no one is talking about how to get the CEO and CIO to sit at the table, at any time moving forward, to ensure cyber resilience and a holistic cybersecurity posture from now on, or even about the importance of a proactive, well-rounded solution rather than a patch solution.
That means conducting a simple security assessment to see what vulnerabilities are present that need to be addressed immediately, investing in training employees, and allowing the IT department to make the changes needed to keep downtime to a minimum if a breach takes place.
Did you know that only 28% of businesses deploying IoT technology consider their security strategy as “very important” (Trustwave)?
Everything cybersecurity-related involves costs, from branding to actually having to pay for damages, and this is what the CEO needs to understand. The CIO needs to know that they will pay the price if they don’t speak up about the real issues and the real solutions that reduce, as far as possible, both the chances of a breach and the downtime that can come from a cyberattack. This means talking about the need for incident response planning and cybersecurity training in all departments.
The business value of cybersecurity to all CEOs is simple: do you want to stay operational, or do you want to pay the price later and see if you can make it in the aftermath of a breach? And for the CIO it’s: do you want to keep your job and avoid possibly having to pay damages to the company you were meant to protect through your efforts?
Cybercrime will cost the world in excess of $6 trillion annually by 2021 (Cybersecurity Ventures). What cybersecurity costs executives, both CEO and CIO, is sitting down with an open mind and a willingness to understand each other.
Every time NCX Group has a sit-down with the executives of any type of organization, big or small, healthcare providers or enterprises, we communicate with the CEO and the CIO. Bringing them together is how we get them to implement cyber resilience through a holistic cybersecurity posture.
Let’s talk about your cybersecurity needs before a breach, before ransomware or phishing attacks, before one of your servers or your website gets hacked.
CEO or CIO, you’re both essential to the success of your company! Schedule your free consultation here.