Three ways to collaborate for smart cybersecurity
The stakes are high in enterprise security. Data breaches can damage your organization’s reputation and result in significant costs (USD 3.86 million per breach on average, per the just-released Ponemon annual “Cost of a Data Breach” study). They can also destroy customer trust. Recent research by leading firm Solitaire Interglobal Ltd. found that more than 78 percent of customers would not automatically return to a business following a data breach. In short, data breaches are bad for business.
You’re likely aware that data breaches impact the whole C-suite. Systems across the entire enterprise are potential cyberattack targets. And increasingly, CEOs and other executives are facing consequences — including reputation damage and termination — when breaches occur.
Yet despite prioritizing cybersecurity, you may feel disconnected from enterprise security decisions. A recent IBM survey of 700 executives found that “many C-level executives feel out of the loop when it comes to being closely involved with decisions about cybersecurity issues, policies and procedures at their companies.”
How can you become more involved in cybersecurity decisions while still focusing on core priorities?
Collaboration is key
The antidote to disconnection, according to the IBM survey, is collaboration. At many enterprises, executives collaborate frequently to share findings related to cybersecurity, discuss them and make joint decisions. When you and your fellow executives — from the CSO to the CIO, CMO and CFO — work together, data security becomes everyone’s job. Transparency increases, and optimal cybersecurity decisions are made.
Here are three ways you can collaborate to enhance cybersecurity.
1. Check in regularly with your CSO
If you’re like most C-suite executives, you receive regular security briefings in the form of reports or dashboards. These technical briefings can only teach you so much. Regular, informal discussions with your CSO will help you understand the major security issues and how they may impact your areas of concern. You can also use these meetings to get quick answers for your most urgent security questions.
A secondary benefit of these chats is relationship building. Build a partnership with your CSO now, and it will pay dividends if you need to pull together to handle a security crisis.
Your enterprise security team should also check in regularly with you and other executives. Make sure a security representative attends board and other executive meetings to brief leadership on ongoing security measures and raise potential red flags.
2. Involve security in key enterprise decisions
Cybersecurity impacts data and information systems. That means it relates to many strategic decisions your enterprise will make. By involving your CSO at critical points in these key decisions, you can avoid pitfalls and proactively safeguard against threats.
Consider a CHRO who decides to shift the entire HR system to the cloud, or a CFO considering a new payroll system. If these executives don’t discuss their plans with the CSO first, they could violate company security regulations and expose sensitive data to risk. The two groups should meet before the contract is signed to discuss their respective needs and considerations.
Smart planning and collaboration keep both security- and non-security executives informed and on the same page.
3. Reframe security conversations
It can be tempting to view security as the naysayers of the business, always warning about what could happen or what should not be done. Such a view may steer some executives away from engaging with the CSO when they should.
Security conversations don’t have to be negative. You, the CSO and other executives are responsible for making them productive and positive. Discussions should focus less on how security concerns are holding business back, and more on understanding risks and alternatives. For instance, in the hypothetical CHRO example above, the CSO would likely raise concerns about migrating HR systems to the cloud. The CHRO could then suggest jointly determining a few alternatives that meet the CSO’s security requirements and the CHRO’s cost and flexibility needs. By seeking “win-win,” executive leaders can optimize their collaboration and relationships with security leads.
A final thought: Stay informed
Enterprise security is everyone’s job in the C-suite. Having the right conversations with security executives at the right times will keep you in the loop on key data security decisions and issues.
That said, consider investing a little time in cybersecurity education. You don’t have to become an expert. But you should know basic concepts and terms as well as be plugged in on the latest security issues, from the most recent high-profile data breach to any looming data regulations. SecurityIntelligence.com provides news and insights that keep you in the loop on today’s critical data security issues (full disclosure: this is an IBM-sponsored site).
Collaboration, supported by a base of security knowledge, will help ensure an engaged executive team and a secure enterprise.