CEOs must become 'chief trust officers'

Cyber security responsibility must rest on the head of the leader at the highest level.

By MJ Strydom, MD, DRS, a Cyber1 company
Johannesburg, 07 May 2019

Pity the fate of CEOs of major corporations that have suffered high-profile cyber security breaches? Well, maybe not?

C-suite executives are assigned the role of managing and growing the business through the establishment of solid customer relationships, but never forget that these relationships are based not only on good service and quality products but on trust. Essentially, this means the CEO must be the chief trust officer of the company.

If one considers that years of curating a brand strategy can be obliterated with one cyber attack, assigning security strategy to the chief information security officer is no longer enough. There is too much at stake. Responsibility must rest on the head of the leader at the highest level.

CEOs who decide to delegate the task without personal involvement in the development of a cyber security strategy do so at their peril. They would do well to examine the fates of CEOs at companies with high-profile breaches who are now 'pursuing other interests' following the evaporation of their corporations' brand value due to these attacks.

Customers are unforgiving and in our digital age have many choices; break the trust and you will lose the business.

CEOs need to verify efforts and fund protective measures if they are to ensure cyber security is an integral part of companies' business models.

Successful cyber security measures implemented at the highest level are not optional; they are crucial.

The cost of cyber attacks is simply too great to not succeed in mitigating every threat, every time. Customer trust is obliterated in moments, and the impact is significant on brand reputation and costs incurred in the scramble to win back business.

Moreover, it is important to never underestimate the importance of compliance. The General Data Protection Regulation (GDPR) and other government regulations have the capacity to bankrupt businesses that do not comply.

It is critical for organisations to incorporate cyber security into their long-term growth plans. Securing digital assets can no longer be delegated solely to the IT department. Rather, security planning needs to be infused into new product and service offerings, security, development plans and new business initiatives. The CEO and executive team need to lead the way in setting the standards and investing in securing their customers' experience.

2018 research revealed the stakes for cyber attacks appeared to be higher than ever. Attention-grabbing data security incidents continued to make the news and included the largest distributed denial-of-service attack ever recorded at 1.7Tbps.

In the European Union, GDPR went into effect on 25 May 2018, imposing strict new rules on how personally identifiable information (PII) is collected, processed and controlled. Additionally, crypto miners infiltrated networks looking for a quick score.

So we appear to have entered a 'post-trust' era where organisations and individuals are increasingly wary of accepting promises of security at face value. Every time consumers interact with a brand, they make a judgement about whether they trust a company enough to share their PII.

Successful cyber attacks break the trust that companies have worked hard to establish between their brands and customers. Ramifications are no longer the sole responsibility of security professionals; C-suite executives are accountable as well.

Radware's annual Global Application & Network Security report for 2018/2019 provides insights into the complex challenges faced by organisations as they fight to protect their brands.

Key findings included:

* In 2018 alone, the initial costs attributable to cyber attacks increased by 52% to $1.1 million.
* Organisations that modelled the overall costs of cyber attacks to their firms estimated the amount at nearly double that of companies that did not model costs.
* Two in five companies reported negative customer experiences and reputation loss following a successful attack.
* Ninety-three percent of respondents experienced a cyber attack in the past 12 months; only 7% claimed not to have experienced an attack.
* Cyber attacks were a weekly occurrence for one-third of organisations.
* The primary impact of cyber attacks was service disruption, reported by almost half of respondents. Attacks resulting in a complete or partial service disruption grew by 15% and hurt productivity.
* Cyber ransom continued to be the leading motivation of hackers and was the reason for 51% of the attacks.

Protecting against cyber attacks requires a significant investment that falls on the operating expenses side of the balance sheet. Naturally, organisations are always exploring ways to conserve funds.

But how much is enough when you factor in the risk of cyber attacks penetrating defences and impacting businesses? This is a question that all CEOs should have at the front and centre of their management policies.