As IT professionals, we often feel that the entire weight of cybersecurity rests upon our shoulders. Despite all our effort and hard work keeping the company safe, we know that some hacker somewhere might figure out a way around all our countermeasures. We lose sleep knowing just how catastrophic the damage could be as attacks cascade off one another, cleanup costs go through the roof, and productivity is at a standstill until all systems are restored.
But should we bear that burden alone? Is cybersecurity really just an IT problem? The answer is no.
At its highest level, cybersecurity is a business problem. At the boardroom level it is a matter of prioritizing risks and budgeting the right amount to address each risk. It is also a matter of being prepared to deal with regulatory fines, lawsuits, public relations, and a host of other non-IT problems that arise in the aftermath. While related to IT, these are business problems that require input and wisdom from the company’s top executives. According to Ponemon’s 2015 Cost of Data Breach Study, just getting the board level executives involved will lower the overall cost of a breach by 3.57%.
Overcoming IT’s Technical Hurdles
The technical nature of the subject is one of the biggest hurdles IT professionals face when trying to get busy executives and business owners to participate in cybersecurity decision making. At Threat Sketch, we understand that problem, and for that reason our risk assessment tools are built to frame cybersecurity in a business context that is suitable for boardroom discussion. We do this by mapping executive-level wisdom and strategic concerns to a very broad picture of the global cybersecurity landscape. It creates a situational “sketch” (a Threat Sketch, if you will) that reveals the enormous risks the company faces as they relate to high-level threats like Denial Of Service, Phishing, Crimeware, etc. With a high-level picture that everyone can wrap their heads around, executives and IT professionals can fill in this sketch with specific solutions that are given appropriately sized budgets, and make good choices about which threats need to be addressed first.
Lastly, a Threat Sketch Risk Assessment also teases out non-IT problems like regulatory issues, lawsuits, and damage to the company brand. Seeing exposure in those areas will prompt the executive team to spread the burden of cybersecurity to other functional areas of the organization as well. Instead of the IT team being the only one on the hook in a time of crisis, the company can have legal, insurance, and a host of other disciplines ready to step in and share the burden.
The time to act is now. Get your executive team involved and up to speed before a competitor gets access to early R&D, or a skilled cybercriminal manages to encrypt all the company’s records. Let a Threat Sketch Risk Assessment be your Rosetta Stone that allows strategic business owners and executives to see for themselves the full impact of a cyber attack. Threat Sketch offers both free and premium Cybersecurity Risk Assessments that are tailored to small and medium businesses. Please check out our product page to learn more.
About the Author: Rob Arnold, founder and CEO of Threat Sketch, has worked in internet security for over 20 years, including launching his own consulting firm to provide executive IT and security consulting to small, medium and Fortune 100 companies.