The Critical Role of Prioritizing Cyber Health
The magnitude of cyber threats — they cost more than $173B in 2020 alone — often gets lost among line items at a typical board meeting. And while buzzwords like “attack” or “hack” are thrown around the boardroom, we need to have more meaningful discussions at the board level.
As business leaders, we need to prioritize comprehensive cyber hygiene across the organizations we serve. The consequences of exploits are no longer measured in downtime alone, but rather in financial losses, the erosion of public trust, and the breakdown of established corporate reputations.
Cyber risk can be both overwhelming and intimidating. It certainly doesn’t help that the cyber threat landscape keeps evolving, with threats increasing in frequency and severity. These threats make maintaining cyber health difficult, which is why it is critical for the companies you serve to remain focused on security.
Security teams should be empowered to help close the cybersecurity knowledge gap, while also making sure to invest time and resources in appropriate cyber protections throughout the organization. Directors and boards must make sure that those in charge of security, such as the Chief Information Security Officers (CISOs), are able to have direct lines to all ends of the business. Similar to a company’s CFO and/or their general counsel, a company’s security leader provides a service that benefits the entire organization. Therefore, it is vital that the mindset of the board elevate and honor this challenging role. Opening up the chain of command and bringing CISOs and other information technology or cybersecurity leaders to the table is a critical step in the right direction.
A challenge in building a relationship between the board and the CISO is that the average tenure for the position is only 26 months. This is less than half the tenure of the average C-suite employee, who typically stays in their position for more than five years. Addressing retention rates of key security leadership will improve institutional knowledge and elevate cybersecurity as a priority within organizations. Empowering security leadership helps build a healthy cybersecurity culture, and this is an area where business leaders can teach and lead by example.
Beyond empowering leadership, it is critical that leaders make decisions to support and invest in the right resources for their team. These resources will make organizations increasingly resilient to cyber events and create comprehensive approaches to cybersecurity management.
Every organization needs a thorough and continuous process to assess, prevent, protect against, respond to and recover from cybersecurity threats and events. It’s also critical that leaders accept the fact that breaches are inevitable. In today’s attack climate, breaches happen at all companies, even those with superior IT and security functions. Prioritizing investing in tools like cyber insurance and threat protection is an essential way to step up and address this need.
To make sure that investments aren’t an afterthought, business leaders need to work with CISOs to establish priorities and select appropriate solutions. Data and experience show it’s essential that these functions collaborate and complement each other to drive an organization’s resilience.
There are several benefits of investing in cybersecurity tools and solutions, including:
- Businesses run better. Improving cyber risk management practices and integrating them with cybersecurity frees organizations to pursue growth opportunities in stride, instead of taking halting steps because of vulnerabilities in their business ecosystems.
- Losses are reduced. An uncovered cyber incident means an organization must bear the loss on its own. Expenses relating to cyber incidents, with or without data breach, continue to rise. Unexpected expenses are challenging for any organization, so solutions like cyber insurance that mitigate, prevent, or pay for a loss are even more valuable.
- Teams work together more smoothly. Implementing strong cybersecurity practices allows teams beyond IT and security to work together in new, safe ways.
- New leadership opportunities emerge. Wherever the cyber health education comes from, it should emphasize not only technical skills, but also leadership and continuing education on cyber threats and trends. As organizations close the cybersecurity skills gap, they tend to double down on making sure that tomorrow’s leaders are focused on continuous, lifelong learning across their organizations.
Fostering adaptability and resilience regarding security across an organization is more important than ever. Companies that educate their teams on the latest threats are poised for success. Collaborative cybersecurity risk management should be at the forefront of your conversations.
Mario Vitale, CEO of Resilience Cyber Insurance Solutions, has more than 40 years of experience in various leadership positions across a broad spectrum of the insurance industry. He sits on numerous boards including WNS (Holdings) Limited and Broad Street Partners.