Finance, operations, management, sales, and marketing everyone gets. But cybersecurity still can be overlooked. It’s a mistake to treat a potential business-killer as an afterthought.
Op-Ed: Cybersecurity, the new pillar of business.
Cybersecurity can sometimes be treated as an afterthought. However, with the recent surge in ransomware and cyberattacks, it’s coming to light just how important it truly is. Everyone understands why finance, operations, management, etc. are non-negotiable to an organization, but where does cybersecurity fit?
Entrepreneurial ventures and long-standing businesses have placed an emphasis on key pillars for success, which for decades have been a constant staple throughout business models — including areas such as marketing, sales, finance, operations, and management. But with today’s prevalence of sophisticated and advanced cyber threats, if cybersecurity is not made a top priority, the very existence of a business will be in jeopardy.
Prevention or remediation: relative costs.
Cyber Risk Quantification models have found that the cost of a data breach significantly outweighs the cost of prevention. Just last year there was an unprecedented surge in ransomware attacks, with the average ransom paid by organizations in the U.S. growing from $115,123 in 2019 to $312,493 in 2020, a year-over-year increase of 171%.
Technology surrounds the workplace often at large and dangerous scales. From emergency alert systems for schools in lockdown to massive supply chains relying on digital programs, data breaches can cost not just money, but also human lives. For example, a 2019 Health Services Research study indicated that for every 10,000 heart attacks at a cyber breached hospital, there were roughly 36 additional deaths beyond the typical heart attack fatality rate for hospitals. Just as intelligence should flow through every aspect of a security program, cybersecurity should touch every aspect of a business in order to protect organizations, employees, and client data from threat actors.
The way we work today should shift our risk calculations.
After decades of traditional business models being preached to entrepreneurs as the recipe for success, we have reached a time when it is crucial for business leaders to realize that cybersecurity must be placed at the center of attention. This is especially clear during the rampant increase of cyberattacks against businesses of all sizes over the last decade and has become even clearer since the onset of the COVID-19 pandemic, which has resulted in more reliance on digital technology than ever before. New digital strategies post-pandemic — compounded with the natural progress of digitalization in the workplace — have created widespread cyber vulnerabilities for every type of business.
All businesses that rely on digital solutions must take notice of the changing times because everyone can be a target for cyber threat actors. We’re at a point in time where businesses need to add cybersecurity as a key pillar to their model of success. There must be a shift away from traditional business thinking and toward practices that address a business environment with highly distributed and remote workforces that rely on digital solutions. The environment has changed and with it the elements of success.
As cyberattacks targeting businesses and their employees continue to rise, the budgets for cybersecurity are also increasing. Even before the COVID-19 pandemic introduced hybrid and remote workforce models resulting in new digital vulnerabilities, businesses were beefing up their cybersecurity capabilities. A study conducted in March of 2019 (pre-pandemic) found that small and midsize businesses were increasing their cybersecurity budgets by 14%, probably because of the continued digitalization in the workplace. And businesses relying on digital solutions are becoming even more common post-pandemic, creating a greater need for cybersecurity to be front and center of any business strategy. It cannot be considered good business practice to develop strong, profitable products if the company and its employees are vulnerable to cyber threats.
Organizational changes for a new era of cyber risk.
Some of the steps businesses should take are organizational. The entrepreneurial paradigm needs to place the chief information security officer (CISO), the executive in an organization responsible for protecting the business’ systems and assets from both internal and external threats, at the same level as the CEO, CFO, and COO. Never before has the security of an organization’s sensitive data and critical systems been as important as it is today.
Although many businesses do have CISOs, the value that they bring to an organization’s financial and technical stability is not always fully realized. In fact, information technology company Bitglass researched different Fortune 500 companies and found that many organizations do not have a meaningful commitment to cybersecurity. Their research found that 62% of companies have a CISO, but only 4% listed the role on their leadership page, and 77% had no information on their websites about who is responsible for security strategy. Unfortunately, many CISOs do not even report to the CEO. This is unacceptable. It’s a recipe for disaster that can lead to a cyber-related incident hitting a business with both financial and reputational damage.
In 2022, it will be essential for all businesses to respond to the ever-growing, sophisticated, and evolving cyber threats with an increased budget for cybersecurity and a mindset that places CISOs and security teams at the center of their business strategy. Cybersecurity may have once been thought of as being like the night watchman you hired to keep an eye on the bank. You had to have one, sure, but he certainly wasn’t in the boardroom.
But now, we have reached a critical turning point in which nearly every business relies on digital technologies and finds itself rapidly expanding its digital footprint, therefore enlarging its risk and attack surface for cyber threats. Now, the CISO is at least as important as corporate counsel or even operations.
No longer can cybersecurity be on the periphery of business decision-making — it’s time to shift it to the center of the discussion.
About the author.
Adam Vincent is the Co-Founder and CEO of ThreatConnect Inc. He possesses more than a decade of experience in programming, network security, identity & access control, and a detailed expertise in information security. Adam is a highly sought-after practitioner, entrepreneur, and business leader in the security and technology industry and currently serves as an advisor to multiple security organizations supporting the Fortune 500, top financial institutions, and government agencies.