
Keep your job after a cyberattack

7 reasons why more CEOs will be fired over cybersecurity breaches — and how to prevent it


The theft of private data on 143 million Americans made the Equifax cyberattack one of the biggest in history. The company’s handling of the breach came under intense scrutiny, resulting in CEO Richard Smith resigning in September 2017 amid the turmoil.

It’s a sobering reminder for any CEO of the perils involved with data breaches.

Regulatory trends indicate increasing responsibility for boards and executives in reporting and preventing cyberattacks. While you can’t control if you get attacked, you can control your organization’s readiness to respond and weather the storm.

Gartner has identified seven reasons why more CEOs will be fired over cybersecurity breaches and how they can hold onto their jobs.

No. 1. Accountability is broken

More CEOs will be “held accountable.” Without good risk engagement there is no accountability; the excuse becomes “I just did what the security people told me to do.” Sell your executives on the defensibility of decisions, not on protection. Strong accountability models, in which risks rest with those who have the authority to address them, ensure that systemic security problems are not allowed to fester.

No. 2. The cultural disconnect

Many boards still believe cybersecurity is a technical problem handled by technical people, buried in IT. By hiring the right people with the right technical knowledge, you can lessen the chance of being attacked and stay out of the headlines.


No. 3. The server that never got patched

While there may be a legitimate business reason, many organizations have a handful of servers that never get patched. Conscious business decisions need to be made about what an organization will do to protect itself and, more importantly, what it won’t do.

No. 4. Your security officer is the defender of your organization

Security staff are hired because they’re experts and their job is to protect the organization. This silos the issue, placing people in charge of protecting business outcomes they don’t understand. Engage your executives — this is their risk.

No. 5. Throw money at the problem

You can’t buy your way out — you still won’t be perfectly protected. Overspending raises ongoing operational costs, negatively impacts business outcomes and can damage the organization’s ability to function.

No. 6. Risk tolerance and appetite are fluffy

Organizations create generic high-level statements about their risk appetite that don’t support good decision making. Avoid promising to engage only in low-risk activities. This is counter to good business and creates another good reason to fire you if you do engage in risky activities.

No. 7. Social pressure

Blaming an organization for getting hacked is like blaming a bank for getting robbed. The difference is that the banks are defensible — most organizations aren’t. The first step to recovery is to admit you have a problem. Your actions reinforce how people perceive the problem.

CEOs need to reset their approach to risk and security to avoid getting fired. The purpose of the security program is to create a balance between the need to protect and the need to run the business.

Authored by Paul Proctor, VP Distinguished Analyst, Gartner
