SECURITY IS NO LONGER JUST ABOUT PROTECTING A BUSINESS’S INFORMATION.

It has reached a point were companies should no longer ask if they are going to be hacked and instead when. With every company becoming digital, the pace of change is only accelerating and our ability to make the right decisions on cybersecurity needs to move even faster. Some estimate that between $9 and $21 trillion of global economic value creation could be at risk if companies and governments are unable to successfully combat cyber threats.

As cities, countries and companies navigate at the fast pace of change in this new era of the internet, security will become more essential to the business and in many cases, will help drive growth.  Businesses will be driven by security embedded in the network, architecture, data at the edge and convergence of applications.  Transformations such as the one we are experiencing now will also require smart leadership from the board and the c-suite.

Connected devices are predicted to grow to 50 billion by the year 2020. The average connected device has over 20 identified security vulnerabilities. Cyber-attacks are gaining the ability to become more and more complex, increasing the risk they pose for companies everywhere.  The pace of change, as businesses continue to transform, will require boards and the C-Suite to make fast and effective security decisions that protect the company business – both from a market perspective and a reputation perspective.

Security is no longer just about protecting a business’s information. It is critical to maintaining trust with the public and customers, building company reputation, as well as safeguarding data, IP and critical infrastructure. This can all influence higher-level issues like maintaining competitiveness in the market, stock price, and shareholder value.

With no common set of standards in place, Internet security is lagging behind the sophistication of hackers. The global economy is not adequately protected. Of companies that were attacked in 2014, 81 percent were not able to identify the breach themselves and on average it took them 188 days to realize their security had been compromised. For companies to take action now, security needs to become an issue from the top down. Both the board and CEO must ensure that they are making the right decisions about security through the following ways:-

UNDERSTAND CYBERSECURITY AS A RISK

In a recent ISACA report, 55 percent of corporate directors said that they must personally understand and manage security as a risk area. The board’s involvement with cyber risk may be growing, but many members still do not understand key areas. The board should start by asking questions about the company’s approach to security and readiness to face an attack and the CEO should be prepared to answer them.

Critical areas include whether or not the company understands the cybersecurity landscape and how it can affect its key business sectors. They should also ask about how cybersecurity fits into the overall corporate planning process and whether executives take ownership of this.  Additionally, the board should know the company’s process for disclosing security breaches and if there is a set plan in place.

COMBINE BUSINESS AND TECHNOLOGY ARCHITECTURES

The CEO must make it clear that security is not just an IT problem – it is a priority for the business that is top of mind. Business and technology leadership must work together to discuss potential risks and find solutions that protect intellectual property and financials alike. A security strategy should focus on the critical services that enable the company. CEOs need to be able to answer tough questions and prove that they are leading a security strategy that works through testing and explanation.

MANAGE BREACHES BEFORE THEY HAPPEN

While breaches seem inevitable, managing them – long before they happen, while they are happening, and after they have happened is critical to maintaining shareholder, customer, and employee trust.  Right now, boards and CEOs play the most crucial role in getting this right, and we must lead.

When a security breach happens, it’s the CEO’s job to be the voice of calm amidst the firestorm. They should take charge to explain the action plan that is in place and what steps are being taken to investigate and fix the situation. The CEO’s ability to understand the technology they are using and the security industry as a whole is critical

In today’s connected world, making security a top priority for the business is no longer a choice for CEOs and board members – it’s a must. As we’ve seen in recent news headlines, security breaches can bring entire multi-billion dollar organizations to their knees. In 2014, companies experienced 783 major data breaches, an increase of 27.5 percent from 2013.  

These incidents cost companies on average $3.5 million or 15 percent more than the year before. In this new threat landscape, security will contribute to whether or not companies will successfully navigate market transitions. Board members are in the driver’s seat and must take action now to build sound security strategies that protect companies from an attack.