Our simple guide to cybersecurity due diligence for CEOs, whether they are preparing to sell their business, buy a company, or evaluate an M&A deal, was written for the business owner or executive who is ready to move on to something else in business or in life. That may mean protecting the company with an effective security program so it keeps succeeding, or putting the necessary measures in place so it can be sold. A recent Gartner study shows once more how much of the company's risk management rests on the CEO's shoulders, even though the CEO is not the CIO or the company's security expert.
According to Gartner, within the next four years as many as 75% of CEOs could be held personally liable for cyber-physical security incidents. That is a huge undertaking, whether the CEO is a business owner working for themselves or an executive who reports to and works with a board of directors.
One statement made in the review of the Gartner study is that regulators and governments are likely to react quickly to a rise in cybersecurity incidents caused by failures to secure CPSs (Gartner defines CPSs as systems engineered to orchestrate sensing, computation, control, networking, and analytics to interact with the physical world, including humans). Moves are already under way to increase the frequency and the detail of reporting on threats to critical-infrastructure systems, which are owned by private industry.
So, while the Gartner study clearly focuses on a specific type of CEO, it still points to the executive of any business and their liability when a cybersecurity incident takes place. Looking at past data breaches of major companies that ended up in the spotlight, such as Yahoo's incident, executives lost their jobs and the companies suffered financial and brand-reputation losses.
The biggest challenge for business executives, one that Gartner itself points out, is the struggle to monitor their networks. Often CEOs, and even CIOs, don't know what is on their network, and that is exactly what allows attackers to sneak in unnoticed.
Reconfirming this is another recent study by Outpost24, which found that 57% of cybersecurity professionals admit their security teams do not vet device purchases before those devices are allowed onto corporate networks.
Knowing what is on your network, knowing who is accessing it, and having a monitoring system that can spot anything suspicious are only some of the processes you need in order to detect an intrusion, stop it in the act (or at least catch and stop it at some point), and then move into incident response: identifying what was taken, communicating it, and cleaning up.
When there is only half an eye on the network, an intrusion goes unnoticed and the cybercriminals take whatever data they want or shut the network down and interrupt business operations; you know the rest.
The essential message of this week's blog is to evaluate what steps you have taken toward a security program that supports you and proves you did everything you could to protect your business. Executives are all questioned at some point, and if you are going to be held accountable as a CEO or CIO, having done your due diligence in making sure the company's cybersecurity posture is effective gives you something to stand on in court, in front of the board of directors, and with your customers and employees.
If you need help protecting your business and/or your job as a CIO, CISO, IT security professional, and so on, get in touch. Schedule your free consultation!
Here you will find our FREE MyCSO cybersecurity offering for small businesses, to get them started protecting their business sooner rather than later. Take a look for yourself and share it with your network of small business owners to help them get ahead of their cybersecurity risks too: https://training.ncxgroup.com/free/
Photo Courtesy of Peshkov Daniil