Evaluating Cybersecurity Risk from the Executive Seat
By Jeff Bathurst, SC&H Group
Today, technology is an element of nearly every business, which means every business on earth needs a practical cybersecurity plan. If you collect confidential data or utilise cloud technology, that information is potentially vulnerable. But fear isn’t the answer – preparation is.
Too often, businesses take a reactive or siloed approach to cybersecurity. A breach happens, and they scramble to contain the damage, finding one-off solutions or investing in insurance plans that don’t protect them from future cybersecurity threats.
The organizations best equipped to meet evolving business needs are proactively incorporating cybersecurity measures in every aspect of their business strategy. They build it into every contract and stay up to date on possible threats. In short, they view it as a fundamental concern of their entire business, not just a band-aid to apply when things go wrong.
The bottom line is that attacks are on the rise. The “Internet of Things”, hybrid systems, the remote workforce, and more have created endless vulnerabilities in private networks. And while recent historic breaches at Yahoo!, Target, Under Armour, and many other multinationals have generated headlines, nearly 60% of malware attack victims in 2018 were small and medium-sized businesses.
It can happen to anyone, but nearly 75% of US businesses are considered unprepared for a cybercrime incident. Preparation will put you ahead of the pack.
Find the right approach
Technology professionals who build a cybersecurity-assessment method should combine expertise in cyber with a nuanced view of the tech demands for middle-market businesses. A successful team will include former and current CIOs who help businesses think about more than just the threats to their data. It should engage everyone, from the executive level on down, combing through clients’ technology strategy to comprehend their financial, legal, reputational, and strategic risks. At SC&H Group, teams find an approach that reflects business needs, strengths and technology goals.
A full assessment and plan should include:
- Identifying the far-reaching risks and effects of data breaches.
- Overcoming specific barriers to effective cybersecurity measures.
- Developing a new or improved cybersecurity programme that focuses on operations, not just technology.
- Meeting with the C-suite to understand the business’s overall strategy and approach.
- Reviewing current processes and technology.
- Regrouping with the C-suite to present findings, share feedback from staff and management, and give an impression of where the company falls on the cybersecurity spectrum.
- Building a roadmap with C-suite input, reflecting the organisation’s priorities.
- Working with the client to make sure recommendations are implemented by the internal team and external vendors.
No company is completely hackproof. But the best-prepared, most forward-thinking businesses recognise that long-term cybersecurity risk mitigation is a matter of smart investing and sound partnerships.
Published: GGI Insider, No. 101, May 2019 | Photo: Gorodenkoff - stock.adobe.com