To many of us, cybersecurity is a source of fear. As technology continues to change the way we work, business leaders face ongoing pressure to innovate without adding further risk to the organization. They understand that cyber threats are economic disablers, and that their pervasiveness requires an ever-stronger cybersecurity presence. With data breaches frequenting headlines, these perceptions are only amplified. It’s hardly surprising that many in the digital security space rely heavily on scare tactics to raise awareness. What isn’t as common is the perception of digital security as a source of hope, a way to add value to the business. That’s the message today’s security professionals need to convey.
Out of Touch Perception #1: Cybersecurity Is Merely a Necessary Expense
According to a recent study by Accenture, the average cost of cybercrime to an organization has risen from $1.4 million to $13 million in just nine years. Another study by Gartner forecasts global cybersecurity spending to exceed $124 billion this year. Faced with statistics like these, it’s unsurprising that cybersecurity is widely considered an expense, a necessary cost burden that no business can afford to neglect. Unfortunately, looking at cybersecurity this way feeds a vicious circle of increasing fear, which paves the way for more spending and more sophisticated attacks. However, money alone can't solve the problem. More often than not, the real risks lie with employee negligence and insider threats. Simply throwing more money at the problem can also lead to a false sense of security.
To change the misconception that cybersecurity is an expense rather than an investment, CISOs need to gain a closer understanding of the business problem, rather than focusing only on the risks that modern technologies bring to the workplace. To empower innovation and convince everyone to own their risk, they need to position cybersecurity as an investment that will raise profitability and add value throughout the organization. By investing in cybersecurity, organizations can build trust and earn more customers in an age when privacy and security are some of the most pervasive concerns of all.
Out of Touch Perception #2: Digital Risk Management Is IT’s Responsibility
We recently conducted a survey to determine which departments own risk in today’s organizations. We found that dedicated information security teams were responsible for digital risk management in just over half of organizations, while IT departments were primarily responsible in 30% of cases. Marketing teams, by contrast, only took a 1% share in the responsibility, in spite of being on the front lines of brand reputation. From these findings, we can clearly see that cybersecurity is still viewed as a technical challenge rather than something that concerns every facet of an organization. However, in light of increasingly stringent regulatory directives, such as Europe’s GDPR, there’s now an increasing disparity as to who should be responsible for digital security, privacy, and compliance.
The short answer is that everyone is responsible. It’s time to stop thinking of cybersecurity as a technical or administrative problem and instead start viewing it as a people-driven process, one that’s completed by technological and administrative solutions rather than driven by them. After all, attackers always traverse the path of least resistance, which typically isn’t the CISO or the infosec department. Instead, they often target marketing teams, supply chains, human resources departments, and third-party vendors. Today’s CISOs need to maintain close ties with executives throughout the organization to instill a culture of accountability and awareness. Leading by example emphasizes the fact that everyone should be a good cyber steward and take their fair share of responsibility to protect the organization.
Out of Touch Perception #3: Digital Security Is a Blocker of Innovation
The digital economy continues to change the world. Statista estimates that there will be 75 billion internet-connected devices by 2025. That’s ten devices for every person on Earth. This staggering figure illustrates not only how connected we’re becoming, but also how enormous the cyberattack surface will become. Cloud, mobile, social media, and IoT technologies continue to generate increasingly vast amounts of data, and global IT traffic continues to soar. By now, most business leaders know that, in order to keep up with the growing demands of today’s market, they need to innovate. However, this may mean adding risk to the organization as new technologies end up being their greatest enemy.
As attack surfaces increase, and new technologies present both risks and opportunities, it’s easy to view digital security as a blocker of innovation. For example, incorporating social and mobile technologies into core business processes can add enormous risk. At the same time, neglecting them in today’s connected world is tantamount to corporate suicide. Fortunately, there are ways to use these and many other technologies without adding risk to the organization. By gaining a closer understanding of the business challenge, while leveraging their technical expertise, CISOs can position themselves to become leaders of innovation. By adopting the principles of security and privacy by design and default, information security can spearhead innovation.
July 6, 2020