5 Questions CEOs Want Answered about Data Protection

In today's ever-changing cybersecurity landscape, your IT security team needs to be able to respond to critical incidents and policy questions in the event that the unthinkable happens. Data protection and cybersecurity were, until recently, believed to be the domain of CIOs and IT departments. All that changed with recent incidents and expensive data breaches, with more and more CEOs and boards of directors stepping in to take an active role in decisions around cybersecurity and data protection strategies.

According to Accenture’s 2018 State of Cyber Resilience report, CEOs and boards had the ultimate say in cybersecurity issues in 66% of the surveyed companies and 59% of cybersecurity budgets were authorized by the boards of directors or CEOs, a 33% increase from 2017. We see this trend continuing in 2021 and beyond.

As CEOs and boards take a more active role in cybersecurity strategies, CIOs and CISOs need to take cognizance of their concerns and prepare their teams to answer them.

1. Are we compliant?

Business leaders and board members are sensitive to increasing compliance requirements. CEOs' number one concern is ensuring that companies avoid unnecessary fines and the scandal and loss of customer trust that accompany major data breaches. The question of compliance often has a bearing on CEOs' own careers as well, with many of them having to resign in the wake of a major data breach.

With complex data protection and data governance rules at play, backed by legislation in different geographies, CEOs wonder whether their company is compliant at all times. Having adequate cybersecurity software and processes in place is the bare minimum expected, and many have taken inspiration from the European Union's GDPR. It is also worth noting that many of these new or updated laws feature an extraterritoriality clause.

It is therefore important that companies doing business across borders, even if only digitally, ensure that they have looked into compliance requirements for all countries they collect sensitive data from.

2. Are we prepared?

While awareness of breaches and cybersecurity is on the rise, a recent IBM report found that 77% of 2,800 security and IT leaders said they did not have a formal cybersecurity incident plan in place. Almost half of the professionals surveyed said their response plan was ad hoc, if one existed at all. Creating an effective cybersecurity preparedness plan is a mix of implementing company-wide procedural policies, utilizing data protection and taking technical precautions to protect your data, and putting a reactive plan in place in case the worst does happen.

3. Does the entire organization have a cybersecurity mindset?

Businesses investing heavily in cybersecurity often base their investments on technology, but don't sufficiently attend to the human side of it, which remains the top cybersecurity risk for many organizations. Such a mindset ignores the fact that most cyber breaches result from employee actions and vulnerabilities inherent in various business processes.

Employees need to know what to do – and what not to do – when it comes to using email, the internet, and social media. Do they?

4. What is the plan for responding to any cybersecurity incidents? Has it been tested often?

What if our organization's network was compromised today? Are you prepared to respond to a data security breach or cybersecurity attack? Can all data be protected even when devices are not connected to the company network? Do we have a well-oiled cybersecurity incident response plan? Has it been tested?

In 2021, it is far more likely than not that the organization will go through a security event. The business impact could be massive, which could call into question the continuity of the business itself.

5. What is the plan for handling insider threats?

Insider threats aren't necessarily current employees; they can also be former employees, contractors or partners who have access to an organization's systems or data. Is there an effective plan to handle insider threats without compromising employee and other stakeholder productivity? For CEOs, employees' productivity affects the bottom line. Archaic and complex policies can also undermine compliance efforts by pushing frustrated employees to look for methods of circumventing these complex, but often not infallible, policies.

As CEOs and boards get more and more involved in cybersecurity oversight, CIOs and IT managers must be prepared to answer all their concerns and work together with them to build efficient cybersecurity frameworks that will ensure both compliance and protection against data breaches.
