There are board members who give CEOs cyber-headaches. Some buy into the media hype about data breaches and repeatedly question a decision-maker’s choices about critical next steps to secure digital assets. Others tend to second-guess a CEO’s strategy, believing they are well-versed in cybersecurity. But the biggest problem stems from an increased number of board members wanting detailed answers to questions because they base investment decisions based on cyber-risk. A recent Gartner survey uncovered these statistics.
While CEOs may be passionate people with their fingers on the pulse of an operation, board members typically need answers they wrap their heads around. These are common — sometimes exacerbating — questions CEOs are asked and suggestions on how to answer them.
It’s not unusual for this question to be more an expression of frustration. From a board member’s perspective, the outfit makes sizeable investments into cybersecurity. The notion they expect a return on investment is not necessarily unreasonable. But the idea that throwing money at a problem solves it does not hold water either.
It may be in a CEO’s best interest to begin by outlining the incident, explaining the impact and mitigation steps that have been taken. Then, defer to your cybersecurity specialist to delve into the details about next-steps strategies that can minimize this type of breach and others going forward.
This ranks among the many questions from board members who generally do not understand how cybersecurity works. Given the complexities and wide-ranging threats, this could be a difficult question to answer. But a savvy CEO can turn the “100 percent” question into an opportunity by having your cybersecurity expert help field it. Given that you cannot educate a board member on the spot, consider providing an answer that speaks to something they might find tangible — investment.
Cybersecurity is comparable to a chess match. For every move a hacker makes, you come up with a solution. The more elaborate their schemes, the better your strategies. But because no one can know what the next threat will be, your organization budgets ahead to have the resources to pivot and defend. Current investment has been allocated to minimize known threats and keep a cybersecurity consultant in the fold to monitor emerging ones. No one is ever 100 percent secure, but this company does everything possible to keep our digital assets safe.
When board members buy into the media hype about cybercriminals upending nation-states, that question comes with an ominous tone. Yes, it’s bad out there because hackers relentlessly develop increasingly clever methods to work around even robust defenses.
It may be the case that your board needs some comfort. CEOs can brighten their outlook by offering the “low-hanging fruit” scenario. Explain that hackers troll the internet searching for outfits with subpar defenses. Many digital thieves simply want an easy score. They prefer organizations with weak defenses they can pluck like low-hanging fruit.
This organization enlists the help of a cybersecurity expert to ensure your defenses are tough to penetrate. In most cases, cybercriminals will move on and find a vulnerable company rather than waste their time and energy trying to breach your network.
As a managed IT firm that works with businesses in the Dallas-Fort Worth area, we understand the enormous pressure boards bring to bear regarding cyber-risk. By working with Data Magic, CEOs can have a full review conducted, harden weaknesses, and implement a proactive strategy. As a leading cybersecurity firm, we monitor emerging threats and deliver real-time intelligence to industry leaders. Your board’s questions won’t keep you up at night knowing you have a determined cybersecurity firm on top of the situation.