If asked whether the senior manager of any organization should have an advanced understanding of legal or financial concepts, it’s likely that most people would reply in the affirmative. But what about knowledge of the cyber sphere?
In a world where cyber threats constitute a major risk to industry, should a basic understanding of cyber tools and concepts be a prerequisite for those seeking to reach the upper echelons of company management?
As professionals with extensive knowledge of the cyber field and advisors to leading international organizations, it has become increasingly apparent to us that corporate governance plays a key role in fielding and mitigating cybersecurity threats.
The resources invested in the cyber domain are no longer an internal IT concern – they constitute a strategic issue that affects the way a company operates and conducts its business. As innovative as technology might be, it cannot respond to all threats that companies face today.
Senior management plays a key role in defining policy for effective cybersecurity. Such policy cannot be limited to technology but must also encompass the training of personnel and the establishment of regular processes and monitoring and reporting mechanisms. To guarantee alignment with the organization’s objectives, policymaking should be undertaken by internal personnel.
This approach was recently adopted by the Israel Securities Authority and is reflected in its guidelines for public companies and companies working in sensitive industries such as finance and security. The CEOs of these organizations must commit to defining policies and putting in place strategies that protect the companies from cyber threats. They must also designate internal entities responsible for implementing these policies and carrying out supervisory and control processes. If you are a CEO or a board member, it is your responsibility to ensure the organization you lead complies with regulatory guidelines and has the necessary monitoring and control tools to supervise the process.
The situation may be even more complex for executives in non-regulated companies. In the absence of formal guidelines, managers may find themselves blamed, and even held personally responsible, for cyberattacks that the organization was ill-prepared for.
Denial of service and disclosure of private information about the organization, its employees, or its customers can lead to disruption and even complete paralysis of the organization’s activities. In many cases, this can also cause significant damage to the organization’s public image and affect its ability to continue trading.
Consequently, it is the responsibility of executive management to ensure they have the necessary knowledge and skills to adequately protect the organizations they lead from cybersecurity threats.
In recognition of the vital role played by senior company personnel in managing and mitigating risks, CyberPro has developed a range of dedicated courses and workshops that aim to provide executive management with a general understanding of the cyber realm, trend analysis, and technology reviews.