Culture, particularly in the corporate world, is a subtle but potent force. It's the air your company breathes, the wind that propels your ship. When it comes to cybersecurity – or let's just call it Cyber – a cultural shift is long overdue. Especially at the director and officer level. If you're scratching your head, wondering if Cyber culture even applies to your boardroom or C-suite, let's just say this - you're not the only one. According to a recent McKinsey survey, a whopping 72% of boards and officers report inadequate transparency on Cyber issues. Unsettling? Absolutely. Surprising? Not quite. Let's rewind a bit. Just a few years ago, a well-known director, Frank, famously quipped: "Our job is strategy, not cyber hygiene." But let's set the record straight. In this digital age, Cyber is strategy. If your board isn't fully clued up on Cyber, you might as well be sailing with a hole in the hull. It's not a question of if water will start gushing in, but when. "But hang on," I hear you protest. "We're directors and officers, not cyber experts!" Valid point, but let's clear up a common misconception. You don't need to be a Cyber expert to govern Cyber risks. Your role isn't to configure firewalls or code secure apps. Your role is to foster a culture of transparency and to oversee Cyber risk management. So, what's the first step on this path? Kick-off by challenging your Cyber risk management team. Demand plain-English briefings, not techno-babble reports. Ask for real-world scenarios, not hypothetical bugaboos. Request clear metrics, not vague estimates. And, most importantly, don't let Cyber hide in the IT basement. Bring it up to the boardroom. Now, let's tackle the elephant in the room - financial risk quantification. Remember, money talks, and when it comes to Cyber, it has a lot to say. The common stumbling block here is not the lack of data, but its translation. It's about taking those gigabytes of raw Cyber data and transforming them into dollars and cents. So, as an officer, what's your role in this? You need to work hand in glove with your Cyber team to quantify the financial impact of Cyber risks. You need to understand how a breach can hurt your bottom line, disrupt your supply chain, or shake investor confidence. In short, you need to understand the economics of Cyber. In the grand scheme of things, the goal here isn't just about preventing breaches or passing audits. It's about cultivating a culture of transparency, where Cyber is an open book that every director and officer can read, understand, and act upon. To put it bluntly, if Cyber transparency isn't a part of your corporate culture, it's time!
In today's Cyber-driven world, a company that treats Cyber as an enigma is like a car trying to speed down the freeway with a fogged-up windshield - a crash waiting to happen.
Comments