Executives

Executives

Cybersecurity is overwhelming executives
- Growing in scope, scale and complexity to finances, reputation and property
- Yet, still treated as a “tax” and low priority
- Seen as an operational issue and not a strategic issue
- Don’t know if/when there are incidents, how bad or how to handle
Don’t realize the scope of their technology dependency
- No complete understanding of IT and operational technology (OT) relationships
- Permeates relationships with customers and third party stakeholders
- No understanding of cybersecurity underlying issues
People, process and technology not properly integrated, implemented or fully utilized
- Decreases usability leads to unauthorized workarounds, which leads to decrease in security
Chief Information Officer (CIOs) need to be trained, informed and capable
- Companies face a unique set of risks and threats that CIOs need to effectively elucidate
- CIOs need to efficiently develop and deploy strategies that counter those risks

Boards

Lack structure, clarity and consistency for a proper cybersecurity discussion
- Incorrectly focuses on IT “silos”, systems and prevention
- Difficult to gauge, understand or predict risk – results in wrong priorities
- Invisible pay-off – unknown and unpredictable to budget
Need ability to ask the “Right Questions”
- Lack expertise and metrics
- Overlook the “opportunity risk”
- Leads to digital transformation oversight

Need to fully understand security risks
- Growing personal liability relative to cybersecurity oversight
CISO should serve on boards
- To better understand the requirements, challenges and risks
- Become a strategic partner in technology and business decision making
- To better prepare for a breach beyond just technical response
- Example: Sarbanes-Oxley (SOX) required boards to have a Qualified Financial Expert (QFE)
- - Now need a Qualified Technology Expert (QTE) on the board

Let us help you make your organization cybersecurity savvy