The cyberattack on Equifax is a reminder for all CEOs whose organizations handle data. CEOs need to reset their approach to countering risk and maintaining security, or they will bear the brunt.
In this article at CIO, Tom Scholtz explains that regulatory trends indicate the need for boards and executives to take responsibility for reporting and preventing cyberattacks.
It is just another aspect of burgeoning risk that can be eliminated by resetting the approach to risk and security. Adopt a security program that balances the need to protect with the need to run the business. Gartner gives plenty of reasons for CEOs to worry about their jobs over cybersecurity breaches. Let’s take a look:
- Broken Accountability: To succeed, organizations need good accountability. But that also imposes a risk of getting fired. As holders of high rank in the organization, CEOs are held responsible. Without good risk engagement, there is no accountability. Strong accountability models, in which risks rest with those who have the authority to address them, ensure that systemic security problems are not allowed to fester.
- Cultural Disconnect: Often CEOs make the mistake of bringing on board known resources with whom they share a cultural or past professional connection. These known people are aware of your strengths and weaknesses and might plan against you. So, hire the right people with the right technical knowledge, who can lessen the chance of being attacked and keep you out of the headlines.
- Patchy Business: Many organizations have a handful of servers that never get patched. The problem is that no conscious business decision is made. It could be a business unit executive making a call that never gets recorded. Invisible, systemic, enduring risks are everywhere. Therefore, CEOs need to make conscious decisions about what an organization will do, and what it won’t do, to protect itself.
- Security Officer Defends the Organization: Security staff are hired for their expertise in protecting the organization. This may turn into a major risk factor. Placing people in charge of protecting business outcomes that they do not understand is itself a warning sign. Therefore, organizations engage their executives or CEOs and hold them responsible for the risk.
- Money Can’t Resolve Problems: Many organizations double their security budget in a bid to build unsustainable solutions. Lack of consideration for ongoing operational costs is the most common reason for problems. Therefore, avoid negatively impacting business outcomes by increasing operational costs and potentially damaging the ability of the organization to function.
- Risk Tolerance: Organizations create generic statements about risk mitigation that do not support good decision making. Avoid promising to only engage in low-risk activities. This is counter to good business and creates another good reason to fire you if you engage in risky activities.
Click on the following link to read the original article: https://www.cio.com.au/article/644743/why-more-ceos-will-fired-after-cyberattack/?fp=16&fpid=1