Cyber threats are on the rise across the globe — and no company is immune to the potential fallout a cyber attack can create. What was once seen as a “tech industry” problem has escalated into a crisis that should concern every high-level executive, especially CEOs. In a recent survey by UK professional services and auditing firm PricewaterhouseCoopers (PwC), cyber security catapulted to second place in CEOs’ top concerns in 2017 — and with good reason. Cyber crime is costing the global economy hundreds of billions of dollars — as much as $450 billion in 2016 alone, according to a recent CNBC report.
The ripple effect of cyber attacks
In the last five years, data breaches have hit multiple companies, including well-known brands like Target, LivingSocial, Sony, Yahoo!, Equifax and JPMorgan Chase. The impact of these breaches is profound, and the loss of millions of dollars is only part of the problem. Data breaches shake consumer confidence and cause damage to a company’s overall brand perception that can take years to repair. Not only that, customers who find themselves with compromised data must live under the constant threat of that data being used, no matter how many precautions they take.
Cyber security breaches can cost CEOs their careers
In addition to all of these issues, there’s another potential casualty when a cyber attack occurs — the CEO’s job. In almost every one of the data breaches noted above, the CEO was ultimately forced to step down or directly fired as a result. Even if a CEO can manage to stay on, the consequences of a successful attack on his or her watch can still be painful. In 2017, Yahoo! CEO Marissa Mayer survived being let go for the company’s 2014 data breach, but gave up her cash bonus estimated at $2 million, as well as a performance-based equity grant of $12 million.
In almost every one of the data breaches, the CEO was ultimately forced to step down or directly fired as a result.
The lesson here for CEOs is quite clear: No longer does responsibility for cyber security rest solely on the shoulders of the CTO or CIO. If it happens on your watch, it’s going to cost you, too.
How CEOs can get smart about cyber security
A recurring complaint made by CEOs is that they are expected to account for cyber security risk management, but are not properly educated on how to do so. However, the market is quickly correcting itself to support CEOs in managing this information deficit. Today, there are a variety of programs and seminars geared toward educating and arming executives with the knowledge they need to make critical decisions about the path forward for cyber security within their companies. CEOs can learn about compliance, data security, security testing, implementation, loss and contingency planning, all tailored to the needs of their specific role in the company.
The purpose is not to turn the CEO into the CTO or CIO, it’s to arm them with information in a language they understand. If a CEO truly wants to protect both their company and their career, investing in such programs should be a key priority.
Now, more than ever, executives — and CEOs in particular — need to develop a keen understanding of the cyber security issues at hand so they can make informed decisions that best benefit all their stakeholders, from the board and investors to the customers and employees and anyone else in between.
Source: National Cyber Security Center www.cyber-center.org