Four-Time CEO Says Corporate Culture is the Most Important Defense in Cybersecurity
The following post was originally published on bricata.com
That culture eats strategy for lunch is an idea often attributed to the late management guru, Peter Drucker. Mr. Drucker may have never imagined the world of cybersecurity we have today, but the power of good ideas is that they hold up over time.
To that end, culture may be the most important factor any CEO has within reach to secure their organization, according to Ben Levitan. Over the course of his career, Mr. Levitan has held the CEO title four different times and influenced many more as a board member and during his tenure as a venture partner at In-Q-Tel.
Ben Levitan is a member consultant and serves on the board of Bricata, and given his experience in the corner office, we thought it would be useful to sit down for an interview and get his take on what CEOs really need to know about cybersecurity.
In doing research for this interview, we noticed some headlines saying in effect, CEOs suddenly care about cybersecurity. Do you think that’s true?
BL: CEOs have cared about security for a long time for three primary reasons. First, the scale of attacks is a steady drumbeat of breaches and a new threat count seems to grow daily. Secondly, the financial impact has grown significantly. And third, cybersecurity is a compliance and reputational risk in every industry and in every organization.
Another key reason why CEOs care more about cybersecurity is the effect breaches have stretched across the business to outside relationships with suppliers and customers. This means security touches more people than ever and CEOs now recognize this risk to their businesses as they are increasingly digitally connected and integrated with customers and suppliers.
It’s worth noting, the pace of regulation has picked up recently which makes security hard to ignore. For example, the General Data Protection Regulation (GDPR) framework comes with significant fines or the threat of significant fines. This affects any organization doing business within the European Union (EU) or with a European citizen – and that essentially means everyone!
In the grand scheme of the responsibilities that CEOs have across employees, customers, stakeholders, where should cybersecurity fit on the very long list of priorities that they already have?