The cyberattack on Equifax is a reminder for all CEOs involved with data. CEOs need to reset their approach to risk and security, or else they will face the consequences of a cyber glitch.
In this article at CIO, Tom Scholtz explains that regulatory trends indicate the need for escalating responsibilities of executives in reporting and preventing cyberattacks.
It is just another aspect of the growing risk that can be eliminated by resetting the approach to risk and security. Adopt a security program that balances the need to protect with the need to run the business. Here are some reasons to give sincere attention to fast-growing cybersecurity breaches:
- Broken Accountability: To succeed, organizations need good accountability. But that also carries a risk of getting fired. As holders of a high position in the organization, CEOs are held responsible. Without good risk engagement, there is no accountability. Strong accountability models, in which risks rest with those who have the authority to address them, ensure that systemic security problems are not allowed to fester.
- Cultural Disconnect: CEOs often make the mistake of bringing on board known people with whom they share a cultural or past professional connection. These known people are aware of your strengths and weaknesses and might plan against you. So, hire the right people with the right technical knowledge, who can reduce your vulnerability.
- Patchy Business: Many organizations have a handful of servers that never get patched due to a lack of conscious business decisions by executives. It could be a business unit executive making a call that never gets recorded. Invisible, systemic, enduring risks are everywhere. Therefore, CEOs need to make conscious decisions about what the organization will do, and what it won't do, to protect itself.
- Security Officer Defends the Organization: Security staff are hired for their expertise in protecting the organization. This may turn into a major risk factor. Placing people in charge of protecting business outcomes that they do not understand is itself a warning sign. Therefore, organizations engage their executives or CEOs and hold them responsible for the risk.
- Money Can’t Resolve Problems: Many organizations double their security budget in a bid to build unsustainable solutions. A lack of consideration for ongoing operational costs is the most common reason for problems. Hence, try to avoid negative business outcomes by improving operational cost and the ability of the organization to function.
- Risk Tolerance: Organizations create generic statements about risk mitigation that do not support good decision-making. Avoid promising to engage only in low-risk activities. This runs against good business and creates another good reason to fire you if you engage in risky activities.
Click on the following link to read the original article: https://www.cio.com.au/article/644743/why-more-ceos-will-fired-after-cyberattack/?fp=16&fpid=1