Convincing Leadership to Prioritize Data Security
I recently wrote an article about the importance of CFOs and CIOs working together to advance their companies during digital transformation. After all, CFOs aren’t necessarily associated with being techies. But as marketing, sales, HR, and other departments throughout the enterprise continue to adopt new technologies, it becomes imperative that they understand the benefits—not just costs—that technology brings to the company. The same could be said for cybersecurity. In fact, I’d say when it comes to data protection, the entire C-Suite needs to get in the game.
I know what you’re thinking: don’t we pay IT—and, most likely, a number of other cloud providers—to keep our data safe? Of course we do. But according to the “Thales 2018 Data Threat Report,” a recent study released by 451 Research, leaving cyber security up to IT alone just isn’t working. While IT spending is going up, so are the number of breaches. In today’s digital economy, all companies are essentially tech companies—and they need to think like it. That means all executives need to share the same commitment to tech security. And as it turns out, IT and the C-suite aren’t always on the same page.
For instance, another recent study—this one focused on both C-Suite execs and IT “decision makers”—showed huge gaps in each group’s assessment of the costs associated with a threat, who is responsible for preventing them, and even how much of a challenge cyber security happens to be overall—Three areas where there should be some agreement. As an example, 80 percent of executives felt cybersecurity is a significant challenge, while just 50 percent of IT decision makers agreed. For me, that was surprising. After all, IT staff are so overwhelmed with threats that on average they only tend to just over half of them. On the money side, results were just as puzzling. IT decision makers estimated the cost of a cyber breach to be far higher than executives did—$27 million+ compared to nearly $6 million. So, how do we fix these gaps and get everyone on the same page?
First, get leadership involved. Start from your center of commonality. Research shows both IT and the C-suite agree they’ll be targeted by a cyber threat at some point. So don’t dance around the topic with theoretical explanations and stats. Demonstrate real-time, real-world situations that could happen to your company, and how quickly those cyber dominoes would spread. For instance, if someone hacked your sales database, how many credit cards or private information would they access? How many leads would they capture? How many customers’ confidence would you lose? And how many people do those customers know who could share their lack of trust for your company on social media, etc.? As you can see, the potential for damage is endless. Show, don’t tell, how it would affect them. After all, money talks. Executives will need to understand the full cost of damage before they’re willing to spend on preventing it.
Second, don’t stop there. The top two viruses in history caused $40 billion in damage. Some hacks occur in less than a minute, and some aren’t even found for almost a year. These aren’t the types of statistics today’s companies can bet on. The question today is not if your company will experience a threat, it’s when the threat will happen and how prepared your company is to deal with it. A full-scale war requires a full-scale commitment on the part of your entire company to adopt new technology only when necessary; update security protocols on a timely basis, and to be prepared to respond when a breach occurs. That doesn’t just mean a tech response. It means the PR team reaching out to customers … the legal team contacting compliance … the HR team educating employees on the ongoing risks. From that perspective, security must absolutely be a top-down culture—not just a sideline (er, siloed) player.
As I said above, every company is a tech company in today’s digital landscape. That means every employee at every company needs to understand the importance of keeping data secure. That will only become more true as tech systems get more fragmented in the as-a-Service economy. Yes, data is power—but if it’s not protected well, it would also be a business-killing liability. It’s time for the C-suite to accept that whether they like it or not, tech is part of their business—and they need to budget accordingly.