How committed is your company to cybersecurity? Recent reports show the answer isn’t very straightforward. In many cases, the CEO and CIO have different ideas of what data security means, and why it matters. It’s time to get both tech and business leadership on the same page in making data security a top priority.
Understanding the Divide
In a recent survey, nearly 80 percent of CEOs noted their organization was either “well” or “very well” prepared by a cyber incident. That’s great news, right? Except when the same question was posed to CIOs in a different survey, that number fell to 22 percent. Clearly, something’s off in the C-suite. When it comes to making data security a top priority, CEOs think they already have. But CIOs see a completely different picture.
Making data security a top priority in today’s marketplace means improving communication between these two groups—and soon—and creating a unified culture of security from the top-down. The following are a few tips to get started.
Making a Case for Cybersecurity
It wasn’t always part of a CIO’s job description, but in today’s marketplace, the CIO needs to be a communicator and champion of data security—not just in the tech department, but in the C-suite and board room, as well. What does making data security a top priority look like?
- Aligning cybersecurity with business goals. CEOs need to understand how cybersecurity will impact their business goals—not just network accessibility. Become part of the discussions surrounding the goals of the business and interject the ways cybersecurity needs to be part of the process. Think of it as an education process. You’re learning about business—they’re learning about IT.
- Communicating ROI. CEOs speak money, efficiency, and growth. CIOs need to be able to communicate the benefits of cybersecurity in these terms so it’s not seen as an optional—and expensive—line-item in the budget. Communicate the value of your company’s data—what it would mean to lose it—how long systems would be impacted during a ransomware attack—and how much money it would take to recovery the lost assets. Cybersecurity is like preventative healthcare. It costs a pittance of the price tag of a single data breach. Argue this case effectively.
- Show what’s possible. Not all data needs the same level of protection. Help alleviate the CEOs fears of a major cybersecurity investment by ensuring that some data will require less security than others. (On the other hand, help them understand that compliance measures aren’t enough to keep data secure. Push for greater security when you know it’s needed.)
- Push for cybersecurity throughout the product lifecycle. Ultimately, the cybersecurity team needs to be involved from the start of product development so that teams can understand risk and cybersecurity measures needed to prevent them. And not just at the start—at every step throughout the product’s lifecycle. Help the CEO understanding that knowing the risk now is far better than trying to contain it later.
Why Making Data Security a Top Priority is a Top-Down Job
I realize I’ve just put a lot of responsibility on the CIO in terms of communicating the importance of cybersecurity to the CEO, but that’s because ultimately, it’s the CEOs job to drive change within an organization. If you can’t get the CEO on board, none of these changes will likely be adopted at any level. As I’ve discussed many times, culture is a critical factor in digital transformation. Ultimately, it can make or break the adoption of a new technology or security measure. That’s why making data security a top priority needs to come from the top and penetrate the entire enterprise—through every step of every process your company develops.
It may not have been in their old job description but creating this type of culture will do more than just make your job less stressful. It will keep your entire company safer, your customers more confident and loyal, and your company free of data breaches that would threaten its forward growth or reputation. Making data security a top priority is a big job—perhaps the biggest in today’s digital environment. That’s why it’s so important to start working together now.