7 Tips for CEOs Looking to Boost Their Cybersecurity Knowledge

November 2, 2015 | Security Today

With 90 percent of companies admitting they’ve suffered at least one cyberattack, sitting back and avoiding the topic is not a suitable solution or strategy for CEOs hoping to keep their technology — not to mention their customers’ information — safe.

By Pete Metzger

The CEO is responsible for everything his company does or fails to do, and a good one knows exactly what’s going on at every level of the business.    

When it comes to cybersecurity, however, many feel they lack sufficient knowledge or experience, so they elect to remain hands-off. They pass the task on to a group of (hopefully) well-trained and experienced cybersecurity experts.  

With 90 percent of companies admitting they’ve suffered at least one cyberattack, sitting back and avoiding the topic is not a suitable solution or strategy for CEOs hoping to keep their technology — not to mention their customers’ information — safe.

Every day, we see headlines about security breaches, service disruptions, and phishing attempts on a wide range of targets. As these attacks become more common and more complicated, prevention has to rank very high on a senior leader’s priorities list.

How can CEOs go about understanding cybersecurity and boosting their companies’ defenses — especially if they’ve been avoiding it for a while? Here are seven ways to get on track:

1. Demystify the Issue

It’s easy to view cybersecurity as a discipline only information technology professionals can understand, but it’s really not as complicated as it may seem. It needs to be seen for what it is: a commonsense set of best practices that continually protect and reinforce the most vital parts of a company. Lose the techno-speak; talk about it honestly and in plain language. At its core, cybersecurity is a goal everyone can (and should) understand and work toward. Attackers know that all employees are vulnerable; therefore, workers at every level should be educated and provided with reinforcing classes regularly.

2. Identify and Prioritize the Most Critical Assets

As the leaders of cyber enterprises, CEOs need to comprehensively understand how the most critical assets of their businesses relate to technology. Customers’ personal information — such as credit card numbers, for example — should be defended first and foremost as the company plans a security strategy. Once a company has secured its most critical assets, it can then focus on smaller vulnerabilities.

3. Attend Conferences and Seminars

CEOs can effectively protect their organizations only if they’re staying up-to-date with the latest IP protection technology. Countless conferences are staged throughout the year to discuss the newest cybersecurity techniques. Networking at these events can spark ideas and collaborations that fuel future innovations for companies. It’s crucial that CEOs make room for these in their schedules.  

4. Get to Know the Security Budget

CEOs need to ensure their companies have adequate resources and budget allocated toward preventing cyberattacks. Executives should keep in mind they’ll likely need toincrease that budget every year as the world becomes increasingly digitized (and attacks become increasingly sophisticated).

5. Be Aware of the Extent of the Problem

The security risks that threaten a company today are more complex and difficult to track than ever, and new threats emerge every single day. Last year was dubbed “the year of the breach” as hackers developed nimbler malware and invaded sophisticated systems over extended periods. If CEOs are aware of the growing scale of security risks, their companies are much less likely to become victims.

6. Prepare for the Next Incident

Cyberdefense should be part of each business decision a leader makes, and every facet of the company should be prepared for the worst. Businesses need to practicetheir security operations by staging mock emergencies, and they should have in place a public relations strategy that includes clear protocols for reporting security breaches to employees, customers, and media.

7. Keep the Security Plan Simple and Accessible

It’s important that each worker feels a sense of responsibility for the health of his company’s cybersecurity. All employees must understand that the risk spans the enterprise and must know about the safeguards and programs in place. Be sure to use clear language when communicating a security strategy, and make sure everybody knows the protocol for dealing with the immediate aftermath of a breach. 

The top CEOs of 2015 aren’t just delegating cybersecurity to the techie squad; they’re learning every day to become educated security guards themselves. When modern CEOs make their security strategies top priorities, they build stronger, safer futures for their companies.

Pete Metzger is vice chairman of DHR International, a global executive search firm. His clients include large public companies and privately held firms spanning a wide range of industries. Pete has the distinction of being the only consultant in the search industry to have a current U.S. government Top Secret (SSBI) clearance. He is on the boards of NTT DATA Federal Services, Harvard Enterprise Risk Solutions, Asero Worldwide, and AXELOS. Prior to entering the private sector, Pete served as a U.S. Marines officer for nearly 30 years. He also served as a foreign intelligence officer in the CIA and as the marine military assistant to President Ronald Reagan.

Click here to view the Security Today article.