As businesses digitize, companies become more and more vulnerable to cyberattacks. The numbers are impressive: 75 billion connected devices are expected in 2025. Considering that more than 300,000 new malware programs are created every day, the risk is real.
According to a recent McKinsey survey, only 16% of the participating companies say that they are well prepared to deal with cyber-risk. Organizations are starting to realize that they need specialization when it comes to protecting their systems: not only knowing how to react to cyberattacks and malware, but also knowing how to implement preventive controls.
It is a common mistake to leave all responsibility for this issue to the IT department because it is linked to technical processes; it increasingly affects the whole business. Therefore, board members should be able to create a strategy to counter these cyber security issues.
Gartner says that the inability of IT security teams to manage digital risk alone will lead to significant service failures for 60% of digital businesses by 2020. In fact, responsibility needs to be driven from a cross-functional senior level so that all divisions of the business are engaged. There should be clear leadership with the capacity to prioritize and make good decisions, focusing on developing technical skills and tools.
In general, boards have become more aware of cyber security, understanding that cyber risk management requires their attention as much as any other business risk. They recognize that workers need to be well educated on the matter, but that’s easier said than done. It is hard to train non-technical people, which is why members of the Forbes Technology Council recommend these 10 simple tactics for teaching cyber security best practices to employees:
- Explain how cyber security can be a business enabler.
- Use metaphors and analogies that apply to them.
- Personalize your training by department.
- Highlight positive progress and keep sending “How to avoid…” tips.
- Stick to the basics and practical aspects; focus on what to look for in terms of suspicious activity.
- Establish consistent and uniform communication processes.
- Help them understand the direct negative impact that poor security has on them as individuals.
- Encourage a ‘sanity check’: double-check every action online when personal data is involved.
- Simulate a hack to evaluate your employees.
- Lay a foundation of ‘cyber common sense’; it’s crucial to ensure that everyone is armed with the same tools.
Companies have to put cyber security at the same level as any other business risk and consider it everyone’s responsibility.