As cyber risk continues to grow and evolve, aligning your company’s leaders on a clear strategy is more imperative than ever.
The increasing sophistication of technologies, automation and AI are creating powerful opportunities for growth and development. But with these advancements comes the paralleled sophistication of cyber attacks, bad actors and malware.
As the stakes rise, businesses must buttress operations with ongoing strategic planning, delineation of leadership roles and adherence to rigorous defence policies. To achieve a robust defence appropriate to the contemporary threat environment, your primary attention should be devoted to these areas:
Hire a head of cyber security (if you haven’t already)
Getting the right leader is key in the ongoing war of security. You need the right balance of technical ability combined with flair and influence.
It’s not enough to focus on technical acumen alone. While this is of course imperative, you also need a charismatic stakeholder manager who has a presence persuasive enough to drive change amongst your teams.
Already have the right candidate? The next matter for assessment is a review of where they sit within your business and reporting chain. Generally, it’s not advisable to combine it with the IT function. This risks competition for departmental budget, and risks capping your cyber chief’s potential. You’ll want to clearly define your leadership roles to ensure they have their own remit and financial independence.
…And empower them to lead
An Achilles heel for many businesses is the reality that, despite the importance of a cyber leader’s function, they are often excluded from having input into major business conversations. That is, until later in the game when the ship has already left the port. This undermines their position and the very reason you’ve hired them in the first place. And significantly, it could open you to same vulnerabilities you’re attempting to minimise or eliminate.
At best, the ensuing back pedalling is a waste of budget and hours that could be better spent elsewhere. At worst, it could have catastrophic consequences for your company.
Writing for Harvard Business Review, Matthew Doan warns “It’s time for boards and C-suite executives to reset their expectations of how cybersecurity is positioned and what a cyber leader is.” As the old saying goes, prevention is better than cure. In today’s climate, businesses can not afford to continue leaving risks as a second stage consideration. For companies to have the best chance at prevention, leaders must be included in decision making at the outset.
Encourage stakeholder buy-in
Cyber security directors won’t have the chance to make real impact unless there is company-wide engagement. Department heads and key leaders must adopt and champion processes for strategies to work. Fundamentally, stakeholders need to believe in the risks and understand the relevance of their own part in prevention strategies. Incentivising key players by including security targets with performance markers (and tying this to bonuses) is one way to promote hygiene.
Setup ongoing cyber strategy meetings
Pulling your executive team together to define your overarching strategy and agree on roles, mandates will create the clarity necessitated by the complexity of facing such a challenge for a robust and prepared business. The benefits of taking such meetings offsite are widely acknowledged. At Cliftons, businesses leverage secure and private seminar environments equipped for confidential leadership discussions. It’s therefore not surprising to observe an uptake in top 100 companies hosting such meetings in recent times.
Plan a cyber strategy meeting.
Protect your business against cyber risk
Major incidences like natural disasters, pandemics and cyber threats can have significant business impacts, particularly when they last for months. But smart workarounds can be
As cyber risk continues to grow and evolve, aligning your company’s leaders on a clear strategy is more imperative than ever. The increasing sophistication of