5 Ways to Gain Executive Level Support for Cybersecurity
Cybersecurity has evolved from an IT project to a global concern with The National Infrastructure Advisory Council warning of a catastrophic cyber-attack in the near future. Government and businesses alike are scrambling to piece together the cybersecurity puzzle, and as a result, executives are now responsible for addressing the security of their organization. In a study by IBM Security, cybersecurity is viewed as a top concern by 68% of CxOs. So, why the change in thinking? And how can you engage your top executives? Take this National Cybersecurity Awareness Month to bring attention and support to your cybersecurity posture.
Breaches Resulting in Legislation
A major data breach per month is the new normal in 2017. According to the Breach Level Index, over 5 million records are stolen per day, which equated to 216,169 every hour, and over 3,600 every minute.
If you feel you are impervious to cybersecurity concerns because you don’t have coveted data or your organization is far too small for hackers and attackers to pay mind to, think again. Fifty percent of cyber-attacks target large enterprises, but the other half focus solely on small businesses. There is in fact, so much concern for small businesses that a house bill has been introduced called the NIST Small Business Cybersecurity Act, which would increase resources from NIST on best practices and guidelines to “help reduce cybersecurity risks”. According to Ponemon’s 2017 Cost of a Data Breach, 1 in 4 organizations will experience a data breach. But it’s not the breach itself that defines the fate of your organization, it’s your preparedness, security, and privacy posture.
Having a strong security posture plan means executive level support and buy in. And at this moment, you have their attention. It’s up to your security and privacy team to develop and communicate a proper vision to share with executive leadership to gain support and garner trust. Here’s where you can start.
Gaining Executive Level Support
1. Align your concerns with executive level concerns. How does cybersecurity affect customer churn? Can it potentially affect revenue? How does your cybersecurity posture affect information security and compliance with government regulations? Make direct correlations with the big picture concerns of the business.
2. Break Down Silos in your organization and gain support by speaking the executive’s language. The only way to raze a silo is to create a unified vision. Take a human approach. Be practical and explicit about potential threats to the organization and your plan moving forward. Collaborate with security advocates in other departments, and use their point of view on security concerns.
3. Educate executives on your current protocols and the potential threats facing your organization. Although C-suites and above tend to be informed, don’t assume that they know about every security concern. Use evidence that directly align with your business to communicate your message.
4. Present a Path Forward with a Technology and a People Approach. 60% of cyber attacks are carried out by insiders. Make sure you are addressing security from the inside out. Present a path forward that involves data protection and people training. With a stronger workforce, team members will be an asset to your security posture, saving valuable time and resources for the executive team.
5. Forge Genuine Relationships in your quest. You may feel like a bother when it comes to capturing executive attention, but with persistence and genuine concern for the business, you can create trust between the c-suite team and yourself. With a solid relationship, your cybersecurity program is more likely to become a success.
The Foundation of Your Cybersecurity Program
Every organization is different, so an impactful cybersecurity approach should be tailor made. What’s synonymous with most every organization , however, is the need to protect sensitive data (i.e. customer, prospect, proprietary, employee information). Creating a strong data protection posture coupled with employee training will offer a strong foundation for your cybersecurity program.
Cybersecurity will continue to be an ongoing project for organizations as global threats continue to evolve. Executive level support and organizational vision will be paramount to the success of your program.
Click Here to contact a member of the FairWarning team.