What cybersecurity responsibilities rest with the CEO?
What cybersecurity responsibilities rest with the CEO?
In relation to cybersecurity, the role of the CEO is going to differ slightly depending on whether or not your organisation is listed, public sector, large, small or is at the forefront of tech developments (i.e. no excuses). That said, some central tenets hold true and we have laid some out here.
The three phases that CEos care about in relation to cyber (well any) issues are before, during and after. Trustify is here to help you at all three stages.
Before
Choosing teams, choosing tech, dry running scenarios, feedback on how teams operate.
During
Pivoting towards the incident, leadership, comms (and apologies), execution of the plan, reporting, devising a way forward and selling that internally and externally.
After
Lessons learned, emerging stronger, improving systems and processes, dealing with the lessons learned and underlying issues, new scenario planning.
Before
Choosing teams, choosing tech, dry running scenarios, feedback on how teams operate.
During
Pivoting towards the incident, leadership, comms (and apologies), execution of the plan, reporting, devising a way forward and selling that internally and externally.
After
Lessons learned, emerging stronger, improving systems and processes, dealing with the lessons learned and underlying issues, new scenario planning.
Get Ready for your first incident
Cybersecurity breaches occur because there is a weak link in the chain somewhere: either a system, a process or a human intervention has led to the breach. A successful recovery from a breach does not allow for a weak link, however.
The team that the CEO puts in place to handle cyber risks is probably the single most important element. Leaders who can act decisively but calmly in challenging situations are essential to the organisation emerging well from a breach. Using external advisers is often a great way of making sure that the CEO is free to make the best possible decisions in challenging times. In our experience, using external crisis communications and reputation management lawyers at this point in time will more than pay themselves back in the short-to-medium term.
In the immediate aftermath of an incident, the CTO or Head of IT will need to confirm if the issue has been locked down – this is something that we can help with no matter the size of your organisation. Challenges likely to be at the fore in 2019 include email attacks (phishing and whaling attacks) as well as digital identity threats where scammers poach data through impersonating your organisation onine (see BlackRock and BA for recent brands affected by this).
If we could sum up one word that the CEO has to establish in relation to cyber, it’s trust. Your stakeholders need to trust that you are ready to handle a cyber issue. Trust. It’s in our name.
Get Ready for your first incident
Cybersecurity breaches occur because there is a weak link in the chain somewhere: either a system, a process or a human intervention has led to the breach. A successful recovery from a breach does not allow for a weak link, however.
The team that the CEO puts in place to handle cyber risks is probably the single most important element. Leaders who can act decisively but calmly in challenging situations are essential to the organisation emerging well from a breach. Using external advisers is often a great way of making sure that the CEO is free to make the best possible decisions in challenging times. In our experience, using external crisis communications and reputation management lawyers at this point in time will more than pay themselves back in the short-to-medium term.
In the immediate aftermath of an incident, the CTO or Head of IT will need to confirm if the issue has been locked down – this is something that we can help with no matter the size of your organisation. Challenges likely to be at the fore in 2019 include email attacks (phishing and whaling attacks) as well as digital identity threats where scammers poach data through impersonating your organisation onine (see BlackRock and BA for recent brands affected by this).
If we could sum up one word that the CEO has to establish in relation to cyber, it’s trust. Your stakeholders need to trust that you are ready to handle a cyber issue. Trust. It’s in our name.
Security solutions tailored to your specific needs
Certificate services
We provide managed certificate services for larger enterprises – called AIM 2.0. Front-line security across your digital real estate.
Digital brand services
Digital identity services put trust at the heart of your transactions with clients and customers, use an LEI to stand out.
Professional services
Consulting services to provide precisely the right cybersecurity solution for your organisation.
For SMEs
We provide products for start-ups and smaller accountants, insurers and retailers, medium-sized law firms and financial services companies, for schools and biotechs.
For Enterprises
We’re trusted to solve cyber-security for major organisations across the public, insurance, financial services, legal, pharmaceutical and accountancy sectors.
For SMEs
We provide products for start-ups and smaller accountants, insurers and retailers, medium-sized law firms and financial services companies, for schools and biotechs.
For Enterprise
We’re trusted to solve cyber-security for major organisations across the public, insurance, financial services, legal, pharmaceutical and accountancy sectors.