Why cybersecurity starts in the C suite

This article is part of a special issue of VB. Read the full series here: How Data Privacy is Transforming Marketing.

The average number of attempted cyberattacks per company increased by 31% between 2020 and 2021, according to Accenture’s latest State of Cybersecurity report. With 70% of organizations including cybersecurity as a topic of discussion at every board meeting, and 72% of CEOs saying that strong cybersecurity strategies are essential for their reporting and trust with key stakeholders, it is clear that security is a top concern for business leaders. Assessing and responding to cyber risk is no longer seen as separate from core business objectives, but rather as an essential part of keeping a business alive.

So who in a company is responsible for understanding, developing, and implementing a strong cybersecurity strategy? Well, according to the same survey of 260 C-suite executives surveyed around the world, 98% believe the entire C-suite is responsible for managing cybersecurity – the job isn’t the job of just one expert. , CRO or CISO.

However, according to a global survey conducted by Trend Micro, which included the views of more than 5,000 IT professionals in 26 countries, only half of respondents said they believed C-suite leaders fully understood cybersecurity threats and risk management. The reality is that C-suite and C-suite minus 1 executives are unfamiliar with basic cybersecurity concepts such as zero-trust security architectures. In the face of dealing with massive incidents like the December 2021 Log4j vulnerability, this skills gap highlights a huge mismatch between expertise and leadership-level accountability.

In order to protect a company and its sensitive internal and customer data, leaders must now also be experts in cybersecurity.


Low-Code/No-Code Summit

Join today’s top leaders at the Low-Code/No-Code Summit virtually on November 9. Sign up for your free pass today.

register here

Responsibility for the C-suite

A company is only as strong as its leaders. Whether it’s the CEO, CFO, COO, CHRO, or CMO, cybersecurity should be a top concern for all of us. Senior and senior managers must be able to identify potential cyber threats to their organization and understand the systemic risks present within its digital ecosystem of suppliers, vendors and customers.

Yet many organizations have struggled to keep pace with the digital transformations of their industries, leaving significant knowledge, process and technology gaps in how they manage threats. Additionally, the changing landscape of national and international compliance regulations has created an environment in which businesses are constantly forced to evolve, trying to stay current and compliant with data and cybersecurity requirements.

Business leaders who hone in on the fundamentals of modern cybersecurity can foster an organizational culture of cybersecurity and strengthen their technology stacks, processes, and teams from the top down. CEOs and CMOs don’t need to become information security analysts, penetration testers, or hackers. Instead, they must demonstrate five core competencies that impact their work and leadership:

  1. Develop a common language and understanding of cybersecurity risks and best practices: Understanding the difference between VPNs and zero-trust capabilities is the first step to implementing the right security strategy for your organization. Business leaders should familiarize themselves with the basic language and concepts their teams will use in cybersecurity discussions to ensure they can participate effectively in discussions and guide the decision-making process when issues arise. .
  2. Identifying potential cyber threats and systemic risks present within their digital ecosystem of suppliers, vendors and customers: Mapping the risk landscape – with the help of expert team members – is the first step to remediate to vulnerabilities. Business leaders should be able to assess whether additions they want to make to their technology stack or new processes they want to implement could create additional risk in their ecosystem.
  3. Assess how to respond to low, medium, and high risk cyber threats: Designing and implementing a robust Incident Response Plan (IRP) ensures that organizations are prepared to respond in the event of an incident, no matter how severe. Business leaders must be able to articulate how their organizations will detect, respond to, and mitigate the consequences of malicious cyber events.
  4. Create a culture of cybersecurity throughout the organization: Getting employees on board is an essential first step to implementing a true culture of cybersecurity in any organization. To be successful, business leaders must know how to design awareness campaigns, training plans, and accountability measures that will encourage every employee to take ownership of security measures and become advocates for cybersecurity best practices. .
  5. Scope cybersecurity budgets for their organization: Prioritizing cybersecurity investments requires a thorough understanding of both the risks and the potential return on investment. Business leaders should outline the technology and talent budgets needed to support the deployment of cybersecurity initiatives and address the gaps they have identified in their current enterprise risk management processes.

Business leaders who master these skills will be able to confidently lead cybersecurity conversations with internal and external stakeholders and ultimately move their organizations forward, ensuring they respond Board expectations for cybersecurity accountability.

Transforming the Broader Cybersecurity Ecosystem

No organization or role is immune to cyberattacks – from small businesses to large tech companies and from C-suite to entry-level employees, cybercriminals know no bounds. As the C-suite strives to create an organizational culture of cybersecurity, it needs the support of experienced practitioners and everyone in the organization to make real progress. By transforming talent in every role, from the start of the employee lifecycle through onboarding, you can ensure that every employee has a baseline level of cybersecurity knowledge and has a solid plan in place to avoid cyber threats. And when you strengthen the whole organization, you also become a much less desirable target for attackers.

With high demand for technical roles in particular, organizations around the world face fierce competition for a limited pool of top talent. It is a gap that widens every day; according to Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs worldwide by 2025, a 350% increase over eight years. And only 3% of US bachelor’s graduates have skills related to cybersecurity. There simply aren’t enough practitioners to meet the demand. I recently spoke with a CISO from a large financial services entity. They said the company was engaged in an all-out war for cybersecurity talent. They simply can’t hire the skills they need, so they have to manufacture them in-house by training existing employees.

I can guarantee that this company is not the only one facing this battle. In this competitive environment, it is more important than ever for companies to seek to develop their current employees or hire with the intention of training them, rather than assuming that they will be able to fill every position with a highly qualified external candidate. qualified.

With enough passion, intelligence, and effort, any of your employees can become a cybersecurity expert, if you provide them with the skills they need to succeed. Pursuing talent transformation initiatives that emphasize hands-on, hands-on learning will equip your employees with skills in in-demand roles like cybersecurity, increasing engagement, retention rates and the overall security of your business. A win-win, really.

While the strength of a cybersecurity strategy begins in the C-suite, a true talent transformation strategy goes beyond training to practice critical thinking and real-world skills at all levels. By improving the skills of employees at all levels of the organization, you can be sure of your ability to react to the next big vulnerability.

Sebastian Thrun is president and co-founder of Udacity and a German-American entrepreneur, educator, and computer scientist. Prior to that, he was Vice President and Fellow of Google and Professor of Computer Science at Stanford University and Carnegie Mellon University.


Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including data technicians, can share data insights and innovations.

If you want to learn more about cutting-edge insights and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.

You might even consider writing your own article!

Learn more about DataDecisionMakers

Leave a Reply