Drive Cybersecurity Strategy, Investment and Culture
Being a leader in cybersecurity does not require technical expertise, but rather an ability to change the culture of your organization. Reducing your organization’s cyber risks requires awareness of cyber basics.
As a leader, you need to drive your organization’s approach to cybersecurity as you would any other hazard (e.g. how you identify risk, reduce vulnerabilities, and plan for contingencies).
This requires an investment of time and money, as well as the collective buy-in of your management team. Your investment drives actions and activities, and these build and sustain a culture of cybersecurity.
Actions for Leaders
1. Approach cyber as a business risk
2. Determine how much of your organization’s operations are dependent on IT
3. Discuss with IT Staff and Service Providers to answer the following questions:
a. What type of impact would be catastrophic to your operations?
b. What information if compromised or breached would cause damage to employees, customers, or business partners?
c. What is your level of risk appetite and risk tolerance? Raising the level of #cybersecurityawareness helps reinforce the culture of making informed decisions and understanding the level of risk to the organization.
Visit National Institute of Standards and Technology (NIST) and
Cybersecurity and Infrastructure Security Agency for more resources to take action today!
