Cybersecurity: CEO & Board accountability
Did you know that 60% of all data breaches originate from one of your current or former employees or third-party vendors? There are also external threats such as malware, ransomware and spyware. Consider the following impacts on your business:
1. What is the cost if your employees can't access the network for a day?
2. What if your company loses its most significant customer because they became victims of a cyber attack on your network?
3. What if the data of your employees and your customers is exposed?
4. What penalties and fees do you face if your company violates intellectual property rights and confidentiality agreements?
5. What if your customer payments are redirected to a criminal bank account?
6. What if your reputation as a reliable supplier is damaged? What is the cost of hiring a professional communications company to do damage control?
The CEO and the Board of Directors must be aware of the risks and take ultimate responsibility for the organisation's cybersecurity. The Chief Information Security Officer (CISO) must have direct communication with the CEO and the Board of Directors. If there is no CISO, an external company must be hired to support the development and creation of an Incident Response Plan with actions for various situations:
1. What are the most likely threat scenarios that can happen?
2. After the IT team, who should be notified?
3. When do we notify the authorities?
4. What do you tell the employees?
5. How will we use communications to maintain trust and our reputation?
6. What is our plan to restore from backup?
7. How are we going to operate if our systems are shut down?
8. How do we determine the extent of the damage and what data has been compromised?
9. What will we do in case of permanent data loss?
10. What do you do if you suspect you have a cyber intruder?
The role of leadership in the face of internal and external cybersecurity risks is associated with implementing a security culture.