Byline: Paige H. Adams
Cyber security leaders are also business leaders, working to protect data without business interruption. But the complexity and magnitude of today's cyber security challenges are daunting for many organizations, and not every executive is a cyber security professional, nor do they necessarily need to be. What's important is that those with the primary responsibility for cyber security in an organization communicate risk effectively among their colleagues and across the business.
The World Economic Forum's recently published Cybersecurity Guide for Leaders in Today's Digital World provides a practical guide to dealing with cyber security challenges. Is it a foolproof defense against cyber attacks and security breaches? No, there are no silver bullets, but it does contain 10 basic tenets for business leaders to incorporate into their companies' day-to-day operations. Diligent application of these tenets - and making them a part of your corporate culture - will go a long way toward reducing risk and increasing cyber-resilience.
Zurich Insurance Group uses a risk-based framework to achieve this. Its Integrated Information Security Baseline (IISB) unites security efforts across the global organization and helps business leaders - business unit CEOs, COOs, CFOs - to better understand and manage critical cyber-risks. Jointly managed by the first and second lines of defence, it comprises crucial risk indicators that touch on several of the tenets in the World Economic Forum's guide. Its primary benefit is that it helps to achieve the 10th tenet: creating a culture of cybersecurity.
A strong cybersecurity culture is not about making everyone in an organization a technical expert on the latest cyberthreats, but rather about keeping these essentials in mind:
* Nearly all individuals in an organization have access to information that is valuable to cybercriminals. This could be information with value in its own right, such as personally identifiable information that can be sold on the dark web, or information such as credentials that can be exploited to burrow into network systems and access other critical systems.
* Many data breaches are enabled by unintentionally risky behaviours, such as selecting weak passwords or sharing account login credentials.
* Most importantly, the bulk of today's cyberthreats achieve their goal through humans, targeting individuals through phishing and social engineering.