Cyber Security is not an IT problem, It’s a Business problem – and if you’re a business owner or part of the leadership team that means it’s your problem.
Strategy for Business growth, mitigating risks and staying ahead of the competition are all familiar topics for discussion in board rooms across all organisations large or small, but Cyber Security strategy? Not so much. According to a recent survey only around half of UK Businesses update Senior Management on Cyber Security matters on even a Quarterly basis- and 17% state their Business’ leadership is never brought up to speed. That’s a lot of Leaders who believe Cyber Security is not their problem.
In fact, what these worrying statistics actually represent is not just a swerve of responsibility, but a fundamental lack of understanding of just how important Cyber Security is to Businesses today. Being unaware of the risks faced day-in, day-out by an organisation is surely worrying enough- but being unaware of how Cyber Security can benefit a business and give it a competitive edge? In 2020 I’m afraid that’s just naive.
What many businesses are still failing to realise (and what businesses that do realise are busy embracing and capitalizing on) is that Cyber Security feeds in directly to those board room staples of growth, risk management and market competition. For Owners and leaders, understanding Cyber Security from a business perspective is about understanding the threats faced by their specific organisation- and we’re not just talking targeted or random attacks by a Cyber Criminal here. What about the threat of a supplier or customer being breached, compromising your business’ data and systems as a result? Or how about the threat of losing contracts or opportunities to a competitor, because a potential or existing client demands compliance to a Security framework that senior management have never heard of?
Cyber Security is not an IT problem that technology alone can fix. Yes, your IT or Security team (or designated IT Security role, or outsourced IT Security partner) can implement and manage solutions to help protect the business, but without strategy and guidance from the leadership team how do they know what to protect? Time and money are precious, and certainly not infinite- without strategy and guidance who decides where the focus and budget is and how do they determine what to focus on? Furthermore, how can the business truly determine what the budget should be in the first place? That is only half the battle however- mandating and implementing policies and procedures to secure the business processes is arguably an even more important weapon in the fight against Cyber Threats than technical ones. Senior Management and Business owners don’t just need to ‘buy-in’ to this, they need to be ‘all-in’- Projects to implement controlled policies and procedures have to come from the top or they will go nowhere. On the face of it this may seem counter-intuitive- surely resources are best used to implement the latest and greatest multi-factor security tokens and next-generation firewalls to stop attackers gaining access to your business’ (and your clients) financial data? That’s great- until you realise that your finance administrator has been copying critical budgetary spreadsheets onto a USB stick every night to work on at night on their home computer, or your marketing manager uploads your client database weekly via a free, publicly-accessible file-sharing tool to work on over the weekend. Both perfectly innocent and well-meaning acts no matter how fraught with risk and in breach of any number of regulations- unless the Leadership dictates that no, that’s not how we do business and accordingly, IT have been instructed to prevent it.
The Cyber Security strategy and practices that a business adopts must be informed by everything that organization does-from its business operations and strategies to its assets and IP. Naturally owners, senior management and boards are in the best possible position to have this holistic view and direct the Cyber Security strategy accordingly to protect what matters most. As a Business owner or Leader you may not fully understand or appreciate the threats your business faces but that’s okay, there are resources and partners that can help you do that. But you do understand your business, and taking responsibility for Cyber Security shows you also understand how to set your business apart from the competition and set it up to succeed.