C-Suite Leadership and Accountability Key to Containing Cyber Risk

Steve Durbin

Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. He is a frequent speaker and commentator on technology and security issues. Mr. Durbin has considerable experience working in the technology and telecoms markets and was previously senior vice president at Gartner. He has served as an executive on the boards of public companies in the UK and Asia in both the technology consultancy services and software applications development sectors. Mr. Durbin has also served as a Digital 50 advisory committee member in the United States, a body established to improve the talent pool for Fortune 500 boards around cyber security and information governance. He was ranked as one of the top 10 individuals shaping the way that organizations and leaders approach information security careers in 2014. Mr. Durbin is currently chairman of the Digiworld Institute senior executive forum in the UK, a think tank comprised of Telecoms, Media and IT leaders and regulators. He is a Chartered Marketer and a Fellow of the Chartered Institute of Marketing.

Cyber security threats are powerful and prevalent enough to threaten our new way of life: digital business, personal communications, public services, global commerce and even healthcare rely on networked information technology and data.

The people, processes, and technology that protect digital resources and manage cyber risk are essential to sustaining businesses and societies. Even so, in many enterprises, boards and executives are just beginning to truly engage in cyber security strategy and leadership. A NASDAQ survey highlights disturbing gaps between awareness and accountability at the highest levels of global enterprises. In fact, too many board members and executives are incapable of understanding security briefings and reluctant to accept responsibility for data breaches.

Over the past decade, the roles of the CEO, CFO, CIO, and CMO have undergone significant transformation. Public scrutiny of business leaders is at an all-time high, in part due to massive hacks and data breaches. It’s become increasingly clear in the last two years that in the event of a breach, the hacked organization will be blamed and held accountable. That means everyone in the C-suite is potentially on trial.

The good news is, executives are starting to pay more attention to the security measures guarding their organization’s assets, data, employees, and customers. The cautionary tales, end-of-days scenarios, and the threat of public humiliation have made an impact. Executive awareness and engagement are finally expanding to meet the threats, but building a solid line of defense requires ongoing, strategic collaboration. Leaders must commit to fostering a culture of accountability from the top, making sure their message reaches out to the edges of the enterprise and everywhere in between.

Covering all the bases—defense, risk management, prevention, detection, remediation, and incident response—is more realistic when executives contribute from their expertise and use their unique vantage point to help set priorities and keep security efforts aligned with business objectives.

View from the Top

The executive team has the clearest, broadest view of how their organization’s components intersect. A serious, shared commitment to common values and strategies is essential to a productive relationship between the C-suite and the board. Only through genuine, ongoing collaboration can complex threats like cyber-crime and espionage be managed. Without coordinated oversight, risk factors will proliferate unchecked.

In a global enterprise, there are many elements beyond the C-suite’s control, and traditional risk management simply isn’t agile enough to deal with the perils of cyberspace activity. By building on a foundation of preparedness, executives can create resilience by evaluating threat vectors from a position of business acceptability and risk profiling. Leading the enterprise to a position of readiness, resilience and responsiveness is the surest way to secure assets and protect customers, partners, and employees.

Now is the time for executives to step up and bridge the gap between awareness and action. Organizations that sow and fertilize a deeply rooted culture of security and accountability from the top down will be able to withstand the persistent, dynamic nature of cyber threats.

About the Author

Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.
