top of page
Search

What Cybersecurity is and is not

Cybersecurity is not a technical issue; it is a business issue…with technical aspects attached.

Cyber is not the captain of the ship. The business and technology stack steer the ship and cyber is simply ONE of the navigators.


First, let's start with why cybersecurity is currently viewed as law enforcement, a red/green light, a gatekeeper, an auditor.


Since cyber risk is engrained in just about everything...potential a systemic risk...EVERY item has an element of security…keys, phones, doors, buildings, IT systems and more.

Cyber is a cost/risk, or risk/reward, equation. As a strategic thinker, that is part of your job - you must be able to calculate, present, and advise the CEO and Board based on this metric.

Security as a technical item is a lot of the same stuff. Most people serving as CISO are the hammer and see each issue as a nail, with the end goal of hammering each nail. We are all guilty of it. If we do not address this as an industry, then the D&O will never have an open ear towards cyber risk strategies.


What we see as a failure with most cyber advisors serving Directors or Executive Officers - is their lack of business acumen. It may come as a surprise to you - that a board is more willing to hire an entrepreneur than an ivy league graduate. If you are surprised, it is likely you are one of the many that needs to level up on the business side of the house. That is to say, you need to know cyber (or the technical side, which is a given); additionally, you must also be able to determine how the business runs and what makes it successful.


Do you know what EBIDTA-earnings before interest taxes, depreciation, and amortization is? Better yet do you know what makes your company unique in your industry and their viewpoint on revenue generation? Their strategy on revenue generation (and are you contributing to it or ignoring it)?


This is to all say, much like the CFO deals with financials, cyber [if done right] is a business enabler, a revenue generator, a long-term value creator.


Your job is to strategically align cyber risk to the business; make no mistake, it is not the other way around.

 
 
 

Comments

bottom of page