Cyber security and data security risks have climbed the boardroom agenda of UK plcs to become a top-five issue following recent high-profile cyber attacks, such as the ransomware attack on Travelex.
This shift is largely because the business consequences of such an event can be catastrophic — loss of revenue and major disruption, plus steep fines due to GDPR, damage to reputation and a hit on the share price.
Depending on the severity of the breach, it is possible that jobs, including those of the CEO and CISO, could be put at risk. The C-suite must live up to its responsibility for protecting the business by taking whatever action is necessary to prevent it suffering an attack. But what form should this action take?
The role of the C-suite in cyber defence
The C-suite needs to ensure the right cyber security policies and procedures are in place, as well as a response plan should the worst happen. This entails carefully planning what the company will do following an attack, how to communicate this to the media, shareholders, customers and regulators and the role of employees in responding to an attack.
To do their job properly and secure the organisation from cyber threats, CISOs need buy-in and backing from the CEO and board, along with the budget to build the security team they need and to implement an effective strategy, together with supporting tools and policies.
When the pressure gets too much
A recent report by Goldsmiths at the University of London revealed that 82% of CISOs feel burned out, with nearly two thirds saying they are thinking of leaving their job or quitting the industry altogether.
That such a large percentage of CISOs feel this way should come as no surprise: it is a highly pressurised position, with the pressure varying according to the type of organisation they work for and the kind of support they get. The real pressure arises, however, because many organisations are still not investing enough money in information security.
Taking the lead
There is a great deal of work still to be done on cyber security in many organisations, which can only be achieved with a CEO, supported by the CISO, driving a comprehensive cyber security strategy from the top down.
It is about engaging with employees on the company’s vision, the cyber security strategy and what it means for them in terms of best practice and behaviours, all of which helps to transform employees into the first line of cyber defence.