It’s no secret that cyber attacks have the potential to cause massive business disruption – affecting both financial performance and corporate reputations. But when it comes to C-suite preparedness for cyber attacks, organizational silos are preventing businesses from taking a comprehensive approach. Cybersecurity is a threat that affects the entire C-suite, and managing this emerging risk requires an integrated mindset.
Many senior executives lack full knowledge about how cyber attacks could affect their organization and how to make cybersecurity a C-suite priority. Moreover, across organizations different leaders are addressing different parts of the cybersecurity challenge: where the chief information officer (CIO) and chief information security officer (CISO) are focused on physical and virtual data security, the CFO is concerned about ensuring financial stability in case of an attack. The chief legal officer may be concerned with the potential litigation effect, while the chief marketing officer (CMO) is responsible for mitigating bad PR and preserving the brand. In sophisticated organizations, the chief human resources officer (CHRO) is developing cyber training and awareness programs for employees to address threats that can originate within the company. Cybersecurity is clearly a distributed problem that requires integration across the entire C-suite.
Aon’s latest findings reveal that more than half of companies do not plan to buy cyber insurance even though there is an increased threat of attack. This disconnect exists primarily at the board level — the C-suite knows cybersecurity is an issue, but struggles to define its effect on financial performance. As cyber attacks become more prevalent, organizations will need to take an integrated approach toward preparedness.