What Business Owners, Executives Need to Know About Cyber Security

26 August 2014


Business owners and executives face increasing difficulty figuring out how to protect their organizations from data breaches. Making the decision even more daunting is that executives and business owners rarely have expertise in the field of cyber security. This lack of knowledge, combined with the perceived “black box” nature of cyber security, makes it all the more challenging for executives to make well-informed decisions on how best to proceed.

Many executives, for instance, may not understand that a robust and comprehensive cyber security approach not only minimizes their exposure and reduces their expenses but also differentiates their business in the marketplace and drives revenue. Customers and shareholders care about security — and are more comfortable doing business with companies that actively promote cyber security and keep customer financial and personal data secure.

What makes cyber security so complex?

Cyber security is a diverse, ever-evolving discipline composed of highly specialized areas of expertise. In this sense, cyber security is like the medical field, where experts across a broad range of disciplines work together to ensure patient health. Take, for instance, a patient with the autoimmune condition lupus, who seeks regular treatment from a host of specialists — a rheumatologist, cardiologist, neurologist, dermatologist, and gastroenterologist. The list goes on, given that lupus (and many other complex conditions) can potentially affect any part of the body. So a collaborative, highly integrated approach among specialists from many disciplines is a necessity.

Like patients suffering from a complex medical condition, organizations often have to consult with multiple experts to figure out and implement the best course of action to ensure security. Some organizations are fortunate to have dedicated information technology (IT) personnel with expertise in securing IT systems. Most, though, don’t have this luxury — and it’s this lack of a knowledgeable resource that can cause executives to make poor decisions or even ignore the subject entirely.

Many executives are under the impression that purchasing and installing the latest hardware or software tools will solve their IT network data protection needs. The problem with this approach, however, is that too often hardware/software vendors are motivated to sell products, regardless of whether a product is the right solution for a company and its data security needs.

We encourage executives to treat the development of a comprehensive cyber security approach like a major investment analysis. What does this mean, exactly? It means considering far more factors than are typically taken into account when developing an overarching approach to cyber security and data breach prevention. These include:

  1. Integrating the cyber approach into the overall business framework,
  2. Performing an IT system assessment to get a clear and objective picture,
  3. Determining the right level of cyber security protection (and realizing there is no “one size fits all” solution),
  4. Analyzing the costs and benefits of any hardware/software purchase, corporate policy and guideline implementation, staff training, continuous monitoring, etc.,
  5. Identifying industry-specific requirements, such as regulatory compliance,
  6. Developing pre-breach and post-breach processes,
  7. Prioritizing cyber activities to ensure that the highest-value activities are completed first,
  8. Identifying the capabilities and availability of internal resources,
  9. Leveraging project management best practices to maximize the value of the approach and manage it effectively.

At COMPASS, we’ve developed a methodology that covers all of these factors — and guides business owners and executives through the complexities of developing a customized, cost-effective, and practical solution to cyber security.

In today’s hyper-connected world, every company is just one data breach away from being a leading story in the constant 24/7 news cycle. Not sure where you stand? Get in touch to learn about our initial IT network security health assessment.
