When it comes to cybersecurity, many CEOs don’t fully understand the urgency. They spend their energy developing new products and services and managing current ones. Security comes in second. Maybe they’re unaware of the risks or feel that it’s solely an IT concern. Some may not be very technical and are afraid of discussing what could be an intimidating topic, but this isn’t wise.
A Ponemon Institute survey of 5,000 IT professionals from more than 15 countries, including the U.S., found that over half of them believe their organizations’ security measures don’t provide suitable protection against cyber attacks.
However, some CEOs do work with their IT teams. These are mainly CEOs from tech companies. One such company is Okta. Based in Northern California, Okta’s goal is to go beyond passwords to better secure their information. According to the company’s CEO and Co-Founder Todd McKinnon:
“Securing your data with a single factor – a password – is a bit like locking up an expensive racing bike with a cheap chain and a padlock. It only stops unmotivated thieves. Ask any of the numerous companies that have grabbed the headlines this year. Single-factor authentication failed to protect the personal data of millions of people – and these companies paid dearly for the mistake.”
Andrew Chanin is the CEO and founder of New York-based PureFunds, a $1.2 billion company. PureFunds is a cybersecurity exchange-traded fund that invests in cybersecurity firms. When asked why he decided to start his company, Chanin stated:
“Cybersecurity has been growing regularly since its formation. Although cybersecurity was always a risk — ever since computers came about — recently, entire companies have fallen victim, as well as governments, to massive, costly cyber attacks. The U.S. Federal Government spent less than $1 billion on cybersecurity in 2000. For 2015, that number is $15 billion.”
The Department of Homeland Security recommends five questions that CEOs should ask themselves to lower the risk of cyber attacks:
- What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?
- How is our executive leadership informed about the current level and business impact of cyber risks to our company?
- How does our cybersecurity program apply industry standards and best practices?
- How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?
- How comprehensive is our cyber-incident response plan? How often is the plan tested?
When CEOs and IT work together, everyone wins. Take notice and follow the example of tech companies. Make security priority one so your business can flourish in all areas.