A proactive approach to cyber risk management


Watch this video from Korn Ferry.

What is important is that Korn Ferry is an organization that works with and advises boards and top executives.

 

They are right when they say that the CEO has to be proactively involved and that cyber is not an issue to be left to the techies, even the CIO, CTO, or CISO.

Let me repeat that: it is not an issue to be left to the CISO. The involvement of the entire leadership team is required to understand how a breach can affect the business and contrast that to other sources of risk.

 

They are right when they say cyber needs to be prioritized and treated the same way as any other risk.

 

But they don’t provide any practical guidance.

 

It is not sufficient to say that cyber risk is high, medium, or low.

The leaders of the organization need to be able to figure out what is the right level of resources to allocate to cyber defense and response; what is the right level of attention at board and executive committee level; and what should be communicated to shareholders and others.

It is important for practitioners and leaders to focus on the risk to the business, and not get hyped up by breach headlines or by eager consultants.

 

Resources and attention should be allocated commensurate with the potential for a cyber problem to affect the business.

Resources and attention…
