According to FBI Director James Comey, the computer systems in nearly every company have been hacked. The question is whether or not companies are even aware when it happens.
Unfortunately, the issue of cybersecurity is often viewed as simply one more item on a corporate to-do list that just requires assignment to someone in the IT department. Far too many in leadership interact with IT only when there is an issue with their own individual computer. Yet with $5 trillion in value stolen from U.S. companies and the economy each year, IT security should be a C-Suite issue. The risks to reputation and corporate finances are simply too great, as is the threat of litigation.
While it’s true the talents and knowledge of a company’s IT professionals are crucial to any effective cybersecurity program, ultimate corporate success demands upper management support and involvement. If it’s not something your board, CEO or other top leadership know about in detail, it’s time for a change.
A good first step is to ask for an inventory of all sensitive data that is stored or transmitted via a computer and where a loss would cause the most damage. Consider risk with regard to impact on corporate reputation or the brand, litigation related to compliance issues, and financial loss due to a data breach. For each category, identify potential breach points, both internal and external. Don’t forget that your own people often pose the greatest threat and may require education and training.
This initial overview of your company’s IT system will likely prove quite enlightening for all corporate leaders, proving the considerable financial implications of cybersecurity. And, it’s a powerful exercise we recommend all companies review annually to keep IT at the forefront of all decisions.