Recent events such as the Equifax hack and the breach of the Edgar system, the SEC’s public company files, are not isolated events; this is a new reality. The volume of data stored electronically “in the cloud” and the rapid pace of technological change puts everyone at risk. As quickly as we can develop firewalls and protections, hackers can create viruses and ways around them.
Cybersecurity can no longer be treated as solely the purview of the IT department. This is a business problem, not just a technology problem. Aside from the obvious potential loss of information or other sensitive company data, other risks exist, including:
- Financial loss, including market share
- Erosion of company reputation
- Disruption at executive level, including firings
While many acknowledge the importance of cybersecurity as a strategic issue, executives often feel that they cannot keep up with the rapid changes. Further, they see a conflict between keeping data secure and continuing to innovate, feeling that security constrains innovation.
Discussions around cybersecurity solutions fall into two categories: reaction and action. Firms can react to the problem by protecting themselves, but it requires interdepartmental support. Indeed, cybersecurity affects all business units. Protection goes beyond secure applications and infrastructure. Security involves working with vendors or other firms who handle proprietary data, training employees, and constant vigilance and updating.
For long-term proactive measures, firms cannot simply overlay cybersecurity on top of business units and initiatives. It needs to be built into the foundation of the organization. Executives need to consider the following actions:
- Identify risks: which are more or less important?
- Decide upon an appropriate tradeoff between risk and cost/business impact
- Drive behavioral change across the organization through education and awareness
Welcome to technology’s brave new world, where the risks change rapidly and the stakes grow higher. Businesses must respond to these new challenges by adapting more quickly than hackers.