Have we really reached that special moment -- the tipping point -- when we can no longer accept the "breach du jour" syndrome? Can we continue to watch helplessly every day as companies we trusted to safeguard our private data announce that tens of millions of people have just been victimized? If this really is our "Valdez" moment, we may be shocked to learn that this is not so much a technology issue as a massive leadership failure at the C-Suite and Board of Directors level in our most respected corporations.
An important insight that has escaped many leaders is that the solution is never as simple as spending more money or buying more technology -- it's about taking ownership at a senior leadership level, along with a more 'holistic' view of security in the enterprise. It's time to evolve beyond the view of security as "event management" and ultimately accept that managing cyber security must be part of the corporation's strategic risk management policies and processes. While technology is important, it is merely one part of an effective risk management effort. A larger part of risk management is cultural -- how people behave and think. As every project manager has painfully discovered, changing technology is relatively easy compared to changing human behavior. The only way to ensure that the required changes will occur is to make the C-Suite responsible operationally and the Board of Directors responsible for oversight/governance. Experience shows that anything short of this will most likely result in continued and increasing vulnerability and disruption -- no matter how much money is thrown at the problem. A June 2014 study by PWC on managing cyber security concluded that senior leaders “…should view cyber security within the context of information risk management to help understand and mitigate cyber threats specific to their enterprise. Companies should not relegate cyber security to an isolated technology function that is detached from enterprise risk management.”
At Disruption Forum we realize that C-Suites and Boards need new attitudes, perceptions and tools to effectively take ownership of cyber security -- and we have initiated a project to support these leaders in their efforts. Look at the Darwin Security Framework on this site for more details. The Darwin Security Framework is our most recent initiative, and it is gaining momentum the fastest. This may be some of the most important work the foundation is pursuing. To achieve the best outcomes we are partnering with leading security experts, industry leaders, insurance companies and solution providers.
If we are to get ahead of the evil-doers, protect our valuable data and enable insurance companies to indemnify our corporations, we must adopt new ways to manage the business risks of cyber security. Now is our moment to evolve.
What are your thoughts?