In Focus: CEOs Are Underprepared for Cyber Threats
New regulations to expand cybersecurity expertise and reporting requirements can only help to eliminate the very real threats companies are facing on a daily basis.
Q1 2023
According to the most recent Marcum-Hofstra CEO Survey published in December, less than one third (31.8 percent) of CEOs said their company is well-prepared for any cybersecurity threat they might face in the foreseeable future. That’s a staggering and sobering message. If you look at how other risks are managed, such as supply chain, market conditions, or higher financial interest rates, there is a much greater degree of focus and success.
It’s difficult to imagine that most CEOs are unaware of cyber threats. You can’t go a day without seeing an article about the latest sensational cybersecurity incident. And none of these attacks are limited to a particular size or type of company. Attacks are impactful and pervasive.
You can’t go a day without seeing an article about the latest sensational cybersecurity incident. Risks due to cyber threats continue to be treated differently than all other types of organizational risks despite clear evidence that cyber losses can include millions of dollars, penalties, and fines; class-action lawsuits; reputational damage; and lost opportunities. Don’t forget employee attrition — who wants to work for the latest firm to become a media headliner for all the wrong reasons?
A Business Survival Imperative
Even within many large organizations, cybersecurity departments still report into IT, as if security were an IT function (spoiler alert: it’s not an IT problem; it’s a business survival imperative). Cybersecurity needs an equal place in the C-suite. Accept the reality that IT and security have very different focuses, agendas, and KPIs. Recognize the differences, celebrate them, and place security equal to the IT function.
CEOs don’t entirely own this problem. There are many boards of directors with no significant cybersecurity expertise. Where are the board members who were former CISOs and lived through a major security breach? They are the leaders who really know how painful and expensive it is to survive one, and they have the lessons learned under their belts.
In 2022 the Securities & Exchange Commission proposed new regulations that would greatly expand the cybersecurity expertise and reporting required of public company boards. If approved, there will be a scramble for talent with experience focusing on operating risks, strategic and practical elements of meeting existing and coming regulations, as well as future opportunities that a great cyber posture can provide. This is not to be feared — it will be a good opportunity for forward-acting organizations to get ahead.
Accept the reality that IT and security have very different focuses, agendas, and KPIs. Still wondering about the connection between IT systems and water? In 1908, Jersey City, N.J., became the first U.S. city to begin routine disinfection of community drinking water. Other municipalities quickly followed suit. Until then, citizens contracted water-borne illnesses regularly.
A strong cybersecurity capability is the disinfectant all organizations need now. Some day we will look back and shake our heads at the unbelievably slow progress of providing basic sanitation and protection to our IT capabilities, particularly given how dependent we are on them. Elevate your organization’s cybersecurity capability now, and we can all raise a cold glass of clean water to that future.
Project Announcements
Republic Airways Holdings Plans Tuskegee, Alabama, Training Operations
04/18/2024
South Africa-Based Radel Plans Winston-Salem, North Carolina, Operations
04/18/2024
Firestone Industrial Products Expands Dyersburg, Tennessee, Operations
04/18/2024
Samsung Electronics Expands Taylor, Texas, Chip-Manufacturing Operations
04/18/2024
OMCO Solar Plans Huntsville, Alabama, Production Operations
04/18/2024
Martco-RoyOMartin Upgrades Allen Parish, Louisiana, Operations
04/18/2024
Most Read
-
2023's Leading Metro Locations: Hotspots of Economic Growth
Q4 2023
-
2023 Top States for Doing Business Meet the Needs of Site Selectors
Q3 2023
-
38th Annual Corporate Survey: Are Unrealized Predictions of an Economic Slump Leading Small to Mid-Size Companies to Put Off Expansion Plans?
Q1 2024
-
Manufacturing Momentum Is Building
Q1 2024
-
Making Hybrid More Human in 2024
Q1 2024
-
20th Annual Consultants Survey: Clients Prioritize Access to Skilled Labor, Responsive State & Local Government
Q1 2024
-
Public-Private Partnerships Incentivize Industrial Development
Q1 2024