Introduction to Cyber Leadership Strategy

The world of cyber security leadership advice is almost as saturated as the market for the different technologies available to protect against such attacks. Business leaders are overwhelmed with information on how to tackle cyber security and implement robust leadership strategies. IT leaders are bombarded with an Aladdin’s cave of security solutions armed with innovative technologies for combating security vulnerabilities.  Yet with proper CISO training a career in cybersecurity can be rewarding, fulfilling and lucrative.  

There is a myriad of information available to business leaders, from the top ten steps, compliance frameworks, government papers on cyber security defense, standards, and industry best practices and regulation. In a complex landscape of shifting threats, security tools, and increased interconnectivity, it’s often tricky to get down to the bones of why cyber security is essential and the practical steps to take to implement a robust strategy. 

We are starting a series of articles with the aim to cut away the jargon, provide some practical information on how to form a strategy for your business and what controls you may wish to consider reducing your threat landscape. Any plan or solution should be pragmatic, fit for the size of your company and industry, and it must specifically address the threats and regulatory environment in which you operate.  

Introduction 

According to the World Economic Forum Global Risk Report 2019, Cyber-attacks are one of the top ten most significant concerns for an organization in the next ten years. Reports from governments, regulatory bodies, and the insurance industry have evidenced the fact that cyber crime, malware infection, and data theft are still on the rise.  

Although recent years have seen increased engagement from industry and continual investment in cyber security, there continues to be a year on year growth in reported data breaches. Unfortunately, no organization is free from the threat of a cyber-attack, and it is a much-touted motto that organizations must prepare for ‘when’ an attack may occur, not ‘if’ one does.  

Armed with the right information, businesses should prepare a strategy that seeks to limit the threat landscape through educating employees, building resilience, and preparing to respond and recover from an incident. A robust, realistic, but non-alarmist approach can help your business decrease the likelihood of becoming a victim of cyber crime. Preventing damage to reputation, finances, and ultimately survival and success in a digital economy.   

Cyber resilience is the process of preparing a business’s strategy to continuously deliver its core mission or services despite, or in the event of, an adverse cyber event. Cyber resilience brings together aspects of business continuity, information security, and technical security monitoring to ensure an organization can defend against potential or realized attacks.  

Cyber security, what’s in a name? 

Before discussing cyber security strategy, it’s first essential to define what we mean by the term’ cyber security’. It’s vital organizations have an agreed understanding of what cyber means for them and how it relates to its activities.  

Cyber security, as defined in this article, adopts the Gartner definition; it is not a term that just refers to technology. Cyber security is a business-wide approach that considers data security, information security, compliance, risk management, regulatory controls, and technological innovation. 

Cyber needs to be considered at every step of an organization’s development and growth. It should no longer be just an IT problem. Cyber security should be a risk-based approach to ensuring the confidentiality, integrity, and availability of an organization’s information assets and the technology platforms that information relies upon. Cyber affects brand reputation, business growth, customer and supplier confidence, and the ability to innovate in an increasingly crowded market. 

In the next articles of the series we will talk about CISO, leadership and cross-departmental co-operation. We will discuss cyber strategy and its core elements, as well as governance and compliance frameworks.