When it comes to upper-level executives and their IT security teams, there seems to be a disconnect over the level of support IT needs to protect the enterprise. To better prevent a security breach from happening, it’s important that the C-level executives are aware and on the same page with your enterprise security team. Only 12% of C-suite executives expect a major, successful attack on their organization in the next 90 days. In addition, two out of five CEOs, other C-level executives, and non-executive directors feel they are not responsible for the repercussions of a cyber-attack. Any breach that is caused by the void between these important roles has serious costs associated with it.
What are these costs? The responsibility of the CEO is enterprise performance, including profitability, which the costs of a breach affect, both directly and indirectly. Breach costs may include forensic investigation, customer notifications and free credit monitoring, reputational damage, lost customers, lawsuits, dropping stock prices, and increased scrutiny by regulators. In addition, boards of directors have a role in corporate governance and risk management, including cyber security oversight, and shareholders can potentially sue members of the board for failing in these duties when it comes to security.
So how can you close the gap between executives and your enterprise’s IT security? Keep reading to find out.
5 Tips for Aligning Executives with Enterprise IT Security
1. Knowledge is Power
Most executives climbed their way to their position through less technical roles. This means they don’t have the technical experience to fully understand what their IT security team is doing. Top leaders need to work with security teams to ensure that risks and strategies are communicated in language that business leaders can understand, and tie security recommendations to business outcomes whenever possible.
2. Don’t Be Overconfident
It’s critical that executives understand and accept that no security technology is impenetrable. Even the slightest change to software, for instance, can weaken security, so security controls must be embedded throughout operations. Technology on its own is not a strategy that can keep an organization safe. Additional effort, such as training and development of policies and procedures, is required.
3. Manage the Human Error Risks
What may seem like a minor misstep by an employee, contractor, or other person who has access to the enterprise’s physical or virtual assets can unravel all of the business’ security technology. One wrong move is sometimes all an attacker needs to crack an organization’s defenses wide open, especially when you consider that the majority of all incidents are in part caused by human error. Indeed, managing the risk of human error is the foundation of every enterprise security program.
4. Distorted Views of the Security Budget
Unfortunately, while there may be significant annual increases in security budgets within your enterprise, threat levels are outpacing these budget increases. It’s important that your executives understand this. Many times there is a perception that the increase in the budget is enough, without understanding that threats such as ransomware and phishing scams are increasing in frequency and in their ability to penetrate organizations at a faster rate. Add to this the new security concerns that are cropping up for emerging technology, including the Internet of Things.
5. Use Opportunities to Lead
Your enterprise executives and high-level leaders can help to close the gap by simply expressing an interest in the organization’s security. For example, leaders should ask their security team about important initiatives that are currently unfunded. In addition, leaders should communicate broadly that the Security team is not solely responsible for security any more than the Sales team is solely responsible for sales. Neither Sales nor Security thrives within a strict organizational silo. Both benefit from interdepartmental collaboration and support.
Start the Enterprise Security Conversation with your Executives
By educating, having a clear understanding of the budget and its reach, as well as managing human errors and taking the opportunity to lead, your executive team will be well on its way to closing the dangerous gap between themselves and your enterprise’s IT security needs. Check out our white paper titled "Connecting Executive Leadership with Enterprise Security" and get access to a checklist you can use as a guide to improving the alignment between your executives and your Security team.
Did you know WEI partners with Fortinet to deliver best-in-class enterprise security solutions across several different industries? Fortinet’s Open Fabric Ecosystem is one of the largest cybersecurity ecosystems in the industry. It provides integrated security solutions with the Security Fabric for customers to attain advanced end-to-end security across their digital infrastructure. If you have Fortinet solutions and are looking for a new IT partner well-versed in Fortinet solutions that ALSO puts you first and helps you succeed, now is a great time to talk to WEI.