After the departure of the Equifax CEO for their ongoing security event, it seems many CEOs are starting to wake up and notice that cybersecurity might be something they should care about. Today it now seems that if you’re the CEO of an organization that has a large cybersecurity failure, it can put your job in jeopardy.
This probably shouldn’t surprise anyone who is paying attention: there have been plenty of warnings about just this over the years. The difference this time is it seems to be real. The easiest way to get your CEO to care about cybersecurity is for real consequences to exist. It’s easy to ignore a problem when it won’t really affect you in a negative way.
There are many security groups that have been waiting for this to happen. Many of us knew that someday security would get the attention it deserves from the boardroom. It’s finally time to save the day. We can imagine the CEO showing up and asking for help while the security team flies into action and gets to be the hero everyone deserves!
However, if you’re in an organization with a CEO that suddenly cares about security, you should be mindful that nothing is free. If the CEO is asking for help from the security team, it’s time to make sure they understand the current and future funding of the security group. It can be exciting to get attention, but make sure you think with the future in mind. It’s time to hold out the hat.
It’s very common in the security space to see a leader come to us and ask if something can be done. For example, maybe you need to better protect your database, or maybe that customer data should be locked up. That old Windows 95 machine in accounting? Yeah, let’s get rid of that thing. This is the point at which we must stop being security leaders and start being business leaders.
