Managing Management: Cybersecurity Questions for the CEO
November 6, 2017 by Bill Rosenthal

As technology and attack techniques continue to advance, businesses will keep facing a wide range of cyber threats. According to a study conducted by the Ponemon Institute, the loss of business resulting from a data breach is estimated at around $3 million, with each compromised record costing an average of $194.

This means companies must go beyond mere compliance and protect their data proactively. Compliance provides a useful baseline, but it does nothing to counter threats and vulnerabilities that are not yet known, and it offers no answer to threats that emerge after the standard was written.

The ever-evolving landscape of cybersecurity risk is the industry's single biggest challenge, because it changes faster than most organizations can keep up. The usual answer has been to concentrate resources on protecting the most important data. That leaves the rest of the system weakly defended, and an attacker who gains a foothold in a poorly protected part of the environment can often move from there to the data that was supposed to be safe. This approach simply does not cut it anymore; it is time for a new one.

There are a number of ways to handle these issues. The United States Department of Homeland Security has encouraged businesses to move to real-time assessments and continuous cyber risk monitoring rather than periodic checks. Homeland Security also recommends holding CEOs accountable for their organization's security posture by asking them the following questions:

  • How thorough is our overall cybersecurity incident response plan? How often is it tested?
  • Do our cybersecurity practices follow the most current industry standards and best practices?
  • What is our current level of risk? How are our cybersecurity practices tailored to the specific risks that have been identified within our company?
  • How many, and what kind of, incidents or threats does our company regularly encounter? At what point are senior executives alerted to an issue?

These questions steer everyone toward a risk-based approach that goes beyond traditional compliance standards. Companies should work toward a comprehensive strategy that builds on industry standards and best practices but is tailored to the risks they actually face.