Cybersecurity Culture Among Executive Leadership

As the saying goes, everything starts at the top. This is true for most organizational issues, and it is undoubtedly true of cybersecurity culture. Cyberattack sophistication, the impact on breached companies, and the priority given to managing cybersecurity have evolved rapidly over a pretty short period.

Cyberattack Responsibility—From IT Cubicles to Corner Offices

Early in the digital age, cybersecurity was solely the domain of technology team members—far from the minds of those sitting in corner offices or boardrooms. Attackers were often unorganized hackers who seemed to like to cause havoc for reasons that were indiscernible to most. However, cybercriminals were cutting their teeth, and the seemingly pointless disruptions and damage were a training ground for learning how to execute today’s high-value breaches.

Cybersecurity Culture Among Executive Leadership Has a Long Way to Go

Many executive leaders recognize cybercrime as a concerning risk, one item on a list with many other business risks. However, for too many companies, the issue is not part of overall corporate strategy, and cybersecurity is not included as a critical consideration as decisions on various initiatives are made.

EY’s most recent Global Information Security Survey revealed that 50 percent of surveyed organizations faced an increased number of disruptive attacks within the past twelve months. However, despite the rising risks, only 36 percent of new, technology-enabled business initiatives included the security team from the beginning.

There is executive involvement in a growing number of organizations—a recent ISACA and CMMI Cybersecurity Culture Report revealed that 75 percent of organizations are getting management more involved with cybersecurity culture. However, within many organizations, executive-level involvement is minimal even if engagement is growing.

4 Moves Forward-Thinking Corporate Executives Must Make to Advance Cybersecurity Culture

1. Create a security-by-design culture. For too long, cybersecurity has mainly been a compliance activity using a checklist approach rather than building security into every technology-enabled business initiative. Cybercriminals will not let up and will only improve their craft. To be proactive rather than reactive, executives must foster a security-by-design culture that bridges the security function and the C-suite. The chief information security officer (CISO) must serve the executive team as a consultant and strategist.

2. Communicate the cybersecurity strategy. Every business faces unique risks and compliance demands. There is no one-size-fits-all approach. However, executives should consider primary strategic concerns such as business continuity, brand protection, compliance, and bottom-line growth. The company’s culture, portfolio, and target markets must inform decision-making. For example, given the confidential, life-and-death nature of a hospital’s business, business continuity and patient privacy should be deciding factors. In contrast, for a Fintech company serving small and mid-sized banks, cybersecurity expertise could be a competitive advantage used to support growth objectives. How cybersecurity fits within corporate strategy and culture must be clear so that it can protect every part of the business.

3. Position the cybersecurity function strategically. By default, many organizations position cybersecurity under the CIO. Placing cybersecurity and other technology investments under the same budget might not be the best strategy. In most organizations, IT spending prioritizes product development. While understandable, this can lead to underinvestment in cybersecurity.

4. Emphasize cybersecurity in merger and acquisition (M&A) due diligence. M&A due diligence usually prioritizes finance, operations, human resources, sales, and IT, while cybersecurity due diligence is often ignored. However, executives increasingly realize that once two organizations are connected and their systems integrated, security vulnerabilities in one will quickly infect the other. Cybersecurity needs to have a prominent seat at the table during M&A due diligence and integration planning.

With the proper vision, steps, and planning, a strong cybersecurity culture can be envisioned, crafted, and communicated within your organization. If SilverSky’s Professional Services team can help you as you undertake this journey, don’t hesitate to contact us.
