Whether your role is Chief Technology Officer, responsible for your company’s technological issues across the board; Chief Information Officer, managing the strategy of technological implementations and concerned with how cyber information can improve performance at different levels; or Chief Information Security Officer, zooming in on risk management and the cybersecurity of your company’s assets, you are one of the chief influencers over your organization’s cyber risk management program. Your role is to inform the executive team of what is really happening in your company’s cyber stratosphere, communicate where weaknesses lie, and identify the most useful tools for improving cybersecurity and security analysis. And your role, already in flux between tech and communications, is ever-expanding into an even more critical company-wide position as risk awareness and mitigation merge into reputation and branding.
The cost of failing to provide your executive team with the information it needs to build adequate risk awareness, adopt security measures, and strategize mitigation is further-reaching than we could have anticipated. With regard to the financial costs of a data breach, we have looked at a few examples: SolarWorld’s enormous €178 million hit in 2012, Home Depot’s $200 million in insurance payments to customer casualties in addition to $300 million in losses during 2014, and Sony Pictures Entertainment’s $41 million in losses in 2015. On top of the dollars and euros, add the irreparable damage to reputation, loss of customer base, and deep dives in market value. Still, the total price of inadequate cyber security infrastructure, uncommunicated risk awareness, and failed budgetary implementation within the executive team is impossible to quantify.
While, as CISO/CTO/CIO, you understand the extraordinary devastation that would come from a cyber attack, you are likely to face a handful of deeply ingrained roadblocks to attaining the tools that you need to mitigate that risk. The Ponemon Institute published an article in August 2017 entitled “The Evolving Role of CISOs and their Importance to the Business”, outlining some of the finer pain points faced by CISOs and those positioned to communicate the importance of cyber security.
Using information based on a research study sponsored by IBM Security, the article finds:
- A tremendous lack of communication between the CISO and the executive team
- Significantly insufficient funding to manage cyber security issues: less than half of CISOs have any funds to handle an emergency threat
- Most CISOs don’t feel they have the support they need to create an integrated security plan across the entire company; over half report that the other executives do not even review their cyber security strategies, let alone approve them.
It is clear that the true barrier to acquiring the executive support necessary for cyber security mitigation is rooted in a deficiency in company-wide awareness and shared accountability. The only way to garner the support of other executives and address the critical need to prioritize cyber security for the entire company is to introduce an improved method of communicating the risks across the executive board.
For risk awareness to be fully acknowledged and cyber security correspondingly prioritized, technical leadership must shift its strategy to focus on assessing risk management and communicating the significance of this assessment to its non-technical colleagues. A major finding of the Ponemon study points out that “By demonstrating the ability to reduce the risk of customer churn through practices that both secure confidential information and protect privacy, CISOs may gain the support of senior management. According to one CISO, the IT security function will transform from a cost center to a revenue center; hence the CISO will be more involved in brand and reputation protection.” To be better purveyors of your company’s needs and of which measures are worth the investment, it is time to highlight the growing value of cyber security awareness and risk management at the brand level, securing a clear standard for communication to your team and funding to support the company’s cyber security needs.
How We Can Help
To discern which measures are worth the investment, you need tools that not only help you vet options but also give you a way to communicate this information easily through a strategic and financial lens, as opposed to a technical lens. Maxxsure equips you with measurements that quantify risk, help to prioritize threats and expenditures, provide solutions for mitigation, and offer options for transference. Maxxsure provides the toolset you need to gather and analyze this data in a consumable manner, allowing you to meet your strategic consultation with best practices. The time is at hand for you, as CISO/CIO/CTO, to ensure that risk awareness and assessment are approached with the relevance and timeliness that our increasingly ‘connected’ economy requires. Maxxsure is your strongest asset for winning company-wide awareness and regulating a channel of communication with consistency and clarity.