Keeping your CEO informed may keep them from doing time

Guest Post By: Dr. Roméo Farinacci

What is the most valuable asset of any company? Understandably, most would say its people. True enough, yet there is another asset that runs a very close second: the company’s data.

We live in a world of hyper connectivity which is only going to increase through the volume of data and speed in which it is generated. Data has become a billion-dollar commodity resulting in vast revenue for companies that profit from our use of the Internet. In the ‘Information Age,’ businesses leverage online marketing, digital advertising and Internet-enabled sales, such as providing services for the distribution and protection of data. With innovations like the Internet of Things, blockchain and applications of Artificial Intelligence, data is making every company a data firm.

It also makes them a target for cyberattacks.

CEO’s need to view the handling of their data as a top-tier responsibility as they will ultimately be held accountable for violating federal compliance regulations. And most decision-makers are surprised to learn – sometimes the hard way – that penalties can range from stiff fines to actual prison time.

Punitive consequences aside, how a company builds, maintains, and protects its data will change the competitive landscape. It allows smaller upstarts with new algorithms to be worth billions in months and breaches in security of blue-chip firms to lose billions in a matter of hours. It creates new concerns in areas of regulation, anti-trust, and legal liability and it changes how the stock market values a company.

Once upon a time, security officers were charged with protecting the precious resources inside four walls. In the Information Age this has not changed, but it is the cybersecurity that plays a huge part in protecting a company’s primary assets. Without a proper strategy that is well executed, shareholders can and will hold the person in charge responsible for the lapse in control over these resources.

Several well-known organizations have recently experienced an increase in cyber threats with many experiencing great loss in assets, competitive advantage, and credibility due to the lack of security around their intellectual property and customer information. In 2019 a research expert at Statista identified over 1,500 breaches were recorded with 160+ million records exposed. In addition, research conducted by Cybersecurity Ventures estimated that cybercrime will cost the global economy over $6 trillion in 2021. As an increase in attacks continues, organizations need to enhance their data visibility to quickly respond to the inevitable breaches.

Cybersecurity needs to be seen by CEOs as a key strategic effort of the company; however, it is often viewed tactically. Industry compliance and standards provide cybersecurity professionals with a framework for establishing security. However, being in compliance, understanding applicable data protection and disclosure laws, implementing a robust cybersecurity program and providing training to employees is still just the start in establishing a strategy that will aid in combating cybercrime.

Leadership can and will be held responsible for data breaches that occur on their watch, because of the grave financial and reputational consequences these attacks can have against their organization. Just consider the number of resignations in the last five years as result of a data breach: Capital One’s CISO in 2019, Equifax’s CEO and CSO in 2017, Uber’s CSO in 2017, and OPM’s CIO in 2016. Some of these were due to inadequate cybersecurity solutions, lack of awareness and training of employees, or simply not taking cybersecurity seriously throughout the organization.

Cybersecurity is like brakes on a car. They are not there to stop us; they actually enable us to go faster. If cars did not have brakes, we would drive one mile an hour or not at all because we would have no control. With brakes we have the comfort and security to go 65 mph because we know they will slow and control the vehicle when needed. Similarly, cybersecurity enables us to do our jobs without worry of who may attack us, provides protection from sending sensitive data to the wrong place and it gives control over what employees can or cannot do.

A mature and tested cybersecurity program that is effectively communicated can protect assets, personnel, shareholders, and help keep the CEO from doing time.