Why Senior Leaders Are the Front Line Against Cyberattacks

All companies are aware of the growing risk of cyberattacks, yet few are taking the steps necessary to protect critical information. The key? Senior managers need to lead.

June 23, 2014

Tucker Bailey, James Kaplan and Chris Rezek

Why isn’t more being done to protect critical information assets? Senior executives understand that the global economy is still not sufficiently protected against cyberattacks, despite years of effort and annual spending of tens of billions of dollars. They understand that risk alone undermines trust and confidence in the digital economy, reducing its potential value by as much as $3 trillion by 2020. They understand most institutions have technology- and compliance-centric cybersecurity models that don’t scale, limit innovation, and provide insufficient protection. And they understand that institutions need to develop much more insight into the risks they face, implement differential protection for their most important assets, build security into broader IT environments, leverage analytics to assess emerging threats, improve incident response, and enlist frontline users as stewards of important information.

The importance of cybersecurity is no secret to anyone who’s opened a newspaper or attended a board meeting. So, senior executives may ask, what’s the holdup? The answer is simple: understanding the issue is quite different from effectively addressing it. A number of structural and organizational issues complicate the process of implementing business-driven, risk-management-oriented cybersecurity operating models, and only sustained support from senior management can ensure progress and ultimately mitigate the risk of cyberattacks.

Structural hurdles to addressing cybersecurity

There are a number of factors that make getting the right cybersecurity capabilities in place difficult for large institutions. First, competitive imperatives mean executives must accept a certain level of cyberattack risk. As a chief information-security officer (CISO) at an investment bank said, “If I did as thorough a security assessment as I would like before we nailed up a direct connection to a hedge fund, our prime-brokerage business would cease to exist.” What this means is that in order to protect themselves without limiting their ability to innovate, companies have to make sophisticated trade-offs between risks and customer expectations.

Second, the implications of cybersecurity are pervasive—and that alone impedes the adoption of risk-mitigation strategies. Cybersecurity touches every business process and function, not only in operations but also in customer care, marketing, product development, procurement, human resources, and public affairs. Just two examples: product-development decisions often increase the volume of sensitive customer data that is collected, while procurement decisions can create the risk that vendors will treat sensitive intellectual property with less care than required.
