Online threats and cyber crimes increase with intensity and complexity almost daily. Couple this with the fact that nearly all business functions rely on the Internet and IT in some way, and you have big reasons to fear a failure in your company’s online defenses.
The Department of Homeland Security has identified five main questions that c-level executives should consider when addressing cyber risks. These points are presented in the IT Download, Cybersecurity Questions for CEOs. The informative document covers these key questions and others that company leaders must evaluate in their organization to ensure company data and systems are safe from attack—questions that many executives never think to ask of their IT security team, such as:
- How many cyber incidents do we detect in an average week?
- How and when is executive staff notified of a breach or attack?
- What are our current risks to attack?
According to the document, company leaders should take an active role in risk management discussions:
CEO engagement in defining the risk strategy and levels of acceptable risk enables more cost effective management of cyber risks that is aligned with the business needs of the organization. Regular communication between the CEO and those held accountable for managing cyber risks provides awareness of current risks affecting their organization and associated business impact.
This download also provides tips on what role CEOs should take in cyber risk management within their companies. It explains that although no company can be 100 percent protected from cyber incidents, having a quick response can mitigate damages to company data and equipment. But the incident response team should include all areas of the company:
A key component of cyber incident response preparation is planning in conjunction with the chief information officer/chief information security officer, business leaders, continuity planners, system operators, general counsel and public affairs.
Other important items the download brings to light are awareness of current threats, sharing of data about risks from various partners and sources, and staying up to date on vulnerabilities within your company’s equipment and networks.
Keeping company data and systems safe is serious business. Being informed and creating a proper plan can go a long way in providing a solid defense against attacks and, more importantly, keeping the panic and damage to a minimum should a breach occur.