Not too long ago, a corporation’s cybersecurity initiatives were discussed only within IT departments. Even when breaches occurred, the spotlight focused on root causes and the technical fixes needed to remedy the matter. Rarely would such an issue have repercussions for any executive team member.
That all changed earlier this month when Target’s CEO Gregg Steinhafel, a 35-year employee of the company with the last six at the helm, resigned in light of the recent holiday-season credit-card security breach that affected 40 million customers. While many speculate about the reasons for his sudden departure, the retail giant has experienced lower-than-expected earnings thus far this year.
Related: Why We Need Another Sputnik Moment
So let this be a wakeup call to my fellow CEOs. We can no longer sit idly by and understand a company’s cybersecurity initiatives in only a cursory manner. Cybersecurity is no longer an add-on to the IT budget.
The loss of corporate data, violations of privacy laws and the degrading or total shutdown of business operations is becoming commonplace in today’s connected environments. These incidents put every organization -- and executive team member -- at risk.
This means each person on a company’s management team must be armed with the requisite knowledge to make informed decisions about cybersecurity -- not just an understanding of the basic concepts. Executives must understand more in-depth technological concepts and applicable laws and the future opportunities for senior IT and business managers, innovators and information entrepreneurs to solve information-security challenges.
This will allow the CEO and members of the management team to do the following:
1. Make decisions about cybersecurity with a better understanding of risk.
2. Explore cutting-edge strategies -- including cloud-based systems -- to increase business competitiveness while keeping data safe.
3. Understand the costs and benefits of an organization-wide cybersecurity program.
4. Stay current about issues within the changing information-assurance landscape.
So here’s my call to action: CEOs and other members of the executive team need to put cybersecurity training at the forefront of their strategic priorities. This is crucial in the modern workplace, most especially in the current environment when all expenditures are closely scrutinized.
Moreover, insights must come from all areas, including academia, the Department of Defense and the commercial world, so as to build and deliver credible, relevant and action-oriented plans focused on providing greater security for a corporation’s mission-critical data. Supplying such knowledge to all team members, from the executive team on down, empowers them to make a difference at job sites the day after the training program is completed.
Make no mistake. CEOs are now front and center in the efforts to grapple with and strategically undertake cybersecurity initiatives. Doing so will help mitigate large risks like the one Target experienced last holiday season while also uncover potential new ways to gain competitive business advantage. The responsibility, while certainly shared with the chief information officer, rests squarely with the CEO and requires a working knowledge of the organization’s IT security strategy. Those leaders that do not take this situation seriously will go the way of Mr. Steinhafel.
Related: Preventing Another Target Attack