CEOs & CIOs: How Safe is Your Company from Hacker Attacks?
Take charge of your company’s security now (before cyber criminals strike)
Being a CEO in a modern corporation is a task more demanding than ever before.
CEOs are required to know about almost all aspects of his or her company and not only the corporate strategy or sales strategy.
As a CEO you need to know about both how to grow your company significantly, but you also need to know how to protect that value and keep it inside the company.
If we go back only 15 years, protecting value would have been relatively simple. Most value adding items were intellectual property rights, pieces of paper, a physical product or people’s knowledge. Now, you need to protect all of above and the data of your customers, your website and your business infrastructure. Additionally, if you run a business targeting consumers, then you are likely to have so much data that it qualifies as BIG DATA, especially if your business is primarily online.
If this is the case, then not only that you need to know about how to protect data, you also need to know the value of what you have and assess it, because you can be sure that others evaluate you as well.
The Real Threat
You might think; “Well, of course my competition is looking at us and assessing our data’s worth”. But I am not talking about your competitors. They are surely worthy adversaries who would love to have access to your data, but are they likely to commit a crime to get it? – No! That makes them a smaller risk, but there is a certain group of people, who specialize in stealing data of value and they are not worried about laws, they are the modern day IT criminals, hackers and data thieves.
The below graph can give you an idea about what hackers are looking for and how they value it:
Who’s in charge and responsible of company’s security? The CIO? The CEO?
Now, as a CEO you might think that this is up to your CIO to solve and you are right. However, it’s up to you to assess that risk as well. You need to be critical about the IT security issue and make sure that your company has a sufficient focus in that direction. Do CIOs need to be challenged as well? Yes, they do and all I want here is just to try and address your focus as CEO.
It’s not necessarily a discussion about funds, but it’s a discussion about where to look in your IT department as a start.
So why do I flag this as a relevant discussion?
Well, looking at recent company sell-offs like WhatsApp, they could have had a huge IT security budget in order to protect their customer data, because the sheer market value would easily cover the cost of a Data breach. This is especially the case if we factor in that this market value was only based on customer data and not their actual revenue.
I am not saying: just increase your IT security spending as a CEO. I just want to highlight that you need to make sure it outweighs the risk, because your job will be on the line.
Once your data is hacked, it will impact your company value severely especially if investors think that your intellectual property is breached, although that may not actually be the hackers’ primary goal. If you look at Sony for example, their shares were traded around 35$ on the 25th of April 2011, the day before their data breach. Although already in a down going slide the stock bottomed out 3 months later at 25$. With 1billion shares outstanding, that is a huge 10$ Billion loss of value in a period with stable or improving returns for Sony. On top of this, there comes the cost of efforts to contain the Hack and closing the gap, which also ran into hundreds of millions of dollars.
As a CEO or CIO reading this it should no longer be a surprise, that data leaks pose a real risk. Hackers penetrate large companies daily and the trend is that they are getting smarter. Hackers know that BIG DATA equals big money.
So, despite these huge numbers and more focused attacks, there is still a problem to get both the CEO and the CIO to actually act on security, before problems occur. Just recently this cost the CEO and CIO of Target their jobs.
So, what can we do?
As a reader you are now hopefully thinking, what should I do then? This is not a security architecture discussion, but speaking holistically, I think a good start for a CEO or a CIO would be to sit down and assess the net worth of your Data and Intellectual property, which is stored digitally. Because shareholders put a value on your intangible assets, naturally combined with the tangible factors such as ROI, EBIT, EBITDA.
Therefore, assess how much of your IT efforts should go into the tangible and intangible protection compared to their actual values for the company and then see how much money you are spending right now.
This discussion will most likely shift your IT Security focus.