In our recent podcast series, West Coghlan, senior editor for technology at the Economist Intelligence Unit (EIU), unpacked the findings of the 2016 EIU study, The Cyber-Chasm: How the Disconnect Between the C-suite and Security Endangers the Enterprise. The study surveyed 1,100 C-suite and senior technology executives at companies across the globe and sought both to uncover the cybersecurity challenges today’s enterprises face and to offer solutions for improving security measures going forward.
Each podcast took on one of the major findings from the EIU study. Use the links below to listen to the each episode.
One of the primary cybersecurity challenges facing enterprises today is a lack of consensus among technology leadership and C-suite leadership on the importance of cybersecurity. While senior technology leaders named security as the number one concern for the business, the C-suite ranked it as number seven on a list of eight key priorities. This disparity between technology and C-suite executives results in insufficient budget, personnel, and support from executive leadership, opening companies to vulnerabilities and attacks that have major consequences for the business as a whole. In order to maintain cybersecurity, it’s critical that technology leaders and the C-suite close this priority gap.
When it comes to security, the C-suite agrees that the most important thing to protect is brand reputation. The modern threat landscape is populated by an increasingly sophisticated, well-funded legion of cybercriminals. Instead of cyber attacks focused on specific parts of the enterprise, cybercrime today examines all possible points of entry into a company. Cyberattackers quickly pivot through organizations to access vital transaction and CRM data and customer lists. Overnight, companies that have spent thirty years developing brand trust suddenly find their reputations in arrears. Protecting customer data from cybercriminals is essential to maintaining brand reputation.
Security measures are often viewed as hindrances to employee productivity, especially in the eyes of the C-suite. And when company leadership doesn’t prioritize security, there’s a trickle-down effect that happens company-wide. If security programs are constructed in such a way that they decrease employee productivity and if there is a lack of emphasis on security at the C-level, employees will forgo security policies long before they will opt to decrease productivity. In order to defend against today’s sophisticated cyberattacks, three things are necessary:
- CIOs and IT leaders need to mobilize, convince the C-suite and board of the importance of cybersecurity, and drive home the point that security is no longer just an IT issue — it’s an enterprise-wide issue.
- Emphasis must be placed on developing a company culture of security. This means proper security protocol and compliance training for employees, customers, and vendors.
- Prioritization is essential. Security experts agree that companies can’t defend everything. Security measures should focus on protecting customer lists, CRM, and transaction data.