If you’ve been in business for long, you know that to build and implement any new program, you need support from those above. That same concept applies to your cyber-response program. With anything that touches on cybersecurity, you’re going to need support from those at the very top—your C-suite. If your execs don’t know how important a cyber-response plan is, read on.
Although stories of the dire consequences cyber attacks are in the news almost daily, don’t assume that your execs know how critical this part of the program is. Common answers when broached with the risk of cyber attack: it won’t happen to us because we’re under the radar, we have all the latest patches, and, doesn’t everyone know how to spot a phishing attack these days?
Your job is to explain the problem, using examples of other organizations like yours, and touching on the things that matter most to executives—preventing damage to the company’s reputation and brand (not to mention their personal reputations as leaders). Use that insight to show that cyber incidents come with both hard and soft costs, many of which are virtually impossible to recover. When customers’ trust is lost and brands are tarnished, the task of cleaning up and repairing the damage can take more money and far more time than stopping the breach did.
The Ponemon Institute states the average cost of a data breach in the U.S. was over $7.7 million in 2015, which means about $215 per record lost. By making your executives aware of numbers like that, you can often gain the support you need for a solid information-security program.
It’s also helpful to show that data breaches don’t only hurt your business, but harm customers and, potentially, their customers and consumers as well. Individuals touched by a breach often report feelings of trauma that affect their productivity and may be difficult to resolve. And breaches often involve investigations from law enforcement and government, and can spur audits by industry bodies and even by your larger customers. And, of course, breaches often invite lawsuits, and in some cases will require that those at the top level of an organization resign their post.
Want more tips and ideas to increase cyber awareness? Download your free guide, How to Develop an Effective Cyber-response Program, today.