Bridging the Gap: Cybersecurity to C-Suite
Visit BSI's Experts Corner: Home for insights from BSI’s practice directors and industry experts on Environmental, Health, Safety, Security, and Sustainability.
August 25, 2022 - In March 2022, the US Securities and Exchange Commission (SEC) proposed amendments to its rules regarding the disclosure of cybersecurity expertise within businesses. These amendments showcase the need for heightened focus towards cybersecurity at the core of business, surpassing conventional strategies that have allowed multiple headlining cybersecurity breaches over the past few years.
Many cybersecurity professionals are not fully equipped with the business language necessary to effectively communicate the immediate needs, threats, and path forward during and following a breach. This communication lull can impact the severity and duration of a breach and shift stakeholder perception, significantly impacting a firm’s bottom line and brand reputation.
Tasked with communicating a technical language that is not extensively used by top business professionals, cybersecurity experts are typically siloed within an organization. For cybersecurity professionals to be able to communicate effectively, they first need to be considered important enough to be heard and given the opportunity to be received by top business professionals who can make organizational changes. The narrative around cybersecurity and broader topics of technology risk must be understood by all parties to become an essential part of the company, not one where efforts can be outsourced.
How to Improve Cybersecurity within Business
One key step to closing the disconnect between cybersecurity professionals and business leaders is aimed at developing a deeper education and understanding of each other’s needs as well as terminology and processes essential to effective communication. To do this successfully, both sides must exercise patience and the ability to accept personal faults, putting aside titles and coming in with an openness to learn.
Board members and executive management must also embody a teaching role towards cybersecurity professionals, making themselves available to share insights and knowledge about the broader aspects of the business. This type of approach creates a bridge, connecting the different sectors and making way for effective communication.
Additionally, transparency is vital to avoid engaging in a ”blame culture” that often occurs following a cyber breach. Organizations that develop a culture of unity and cooperation have much greater odds of faster resiliency amid challenges, allowing the business to pick back up day-to-day work and avoid the breakdown of investor confidence after a major cyber breach.
Talent as a Driver for Future Success
In tandem with creating a culture of communication and collaboration internally, business leaders must also focus on attracting the right talent to help bridge the gap. In our technology-dependent society, cybersecurity has become increasingly more vital. Coupled with growing inflation, it becomes necessary for organizations to meet competitive compensation demands to retain talent within cybersecurity. Beyond salary, the limited, sought-after nature of cybersecurity talent also puts pressure on businesses to create an enhanced employee experience with additional benefits.
Businesses can no longer rely simply on competitive salaries; they must also offer opportunities and highlight efforts surrounding professional development (beyond technical qualifications through mentoring), retention incentives, flexible working abilities, and equity stake. Otherwise, by not showing their willingness to invest in talent, companies will find difficulty attracting and retaining good talent.
Building a More Resilient Cybersecurity Approach
It will undoubtedly take many steps, and indeed years, to effectively navigate the disconnect between cybersecurity and the broader business. However, by recognizing the need for cybersecurity to be integrated into the central business model and taking steps to allow this to occur, businesses will be better positioned to mitigate future attacks and disruption.
Cybersecurity professionals must be given an opportunity to vocalize their needs by providing them a seat at the table. Educating cybersecurity and top business professionals to understand what the other does, as well as sharing technical terminology to allow them to communicate in a way that is properly received by both sides will allow for a more robust cybersecurity presence and arm organizations with the ability to protect their digital presence and brand reputation.
This article was originally published online by Intelligent CISO on August 10, 2022 under the title: The SEC’s amendments highlight the need for companies to focus on cybersecurity and the wider business. The content has been updated for this blog. Refer to the full article for Mark Brown’s complete insights on this topic.
For more insight on total worker health and safety including workplace culture read Surviving to Thriving: Foundational Steps to Support a Thriving Business and visit BSI’s Experts Corner.