“Reason can answer questions, but imagination has to ask them.” — Ralph Gerard, American psychiatrist
What happens to an organization when its leadership has committed a failure of imagination in the area of cybersecurity? For the answer to this question, look no further than the many class-action lawsuits, lost customers and revenue, and diminished market value associated with high-profile data breaches and cyber risks — not to mention the intensified scrutiny from regulatory bodies, such as the U.S. Federal Trade Commission (FTC), the Securities and Exchange Commission (SEC) and state attorneys general.
In the event of a data breach, a failure of imagination might influence business leaders to ignore the factors that caused the attack. It might also lead to a misperception about the chief information security officer (CISO)’s budget, level of visibility within the organization and ability to gain executive support to enact meaningful changes throughout the enterprise. Finally, a failure of imagination could cause board directors to assume that management is on top of cyber risks when, in fact, top leadership has abdicated all responsibility for security.
