Are You Ready to Respond to These Security Questions From Your Board?
There’s nothing quite like getting stumped by a question from a board member. Brush up on these details around cybersecurity and business risk and you’ll be ready.
Technology teams have always received a decent portion of the overall spending in organizations, but the cybersecurity requirements of modern businesses have caused these dollars to scale dramatically upwards. Even with spending upwards of $14 billion by Canadian businesses, 1 in 5 businesses was hit by cyberattacks in 2017, according to a new Statistics Canada survey. As these numbers continue to rise, proactive security strategies become increasingly vital as businesses attempt to stop the spread of malicious files and other attacks. In the midst of these evolving threats, board members are hearing the sensationalist news articles and will likely have a range of questions for your leadership. Here are a few suggestions of details to have at hand before your next board meeting.
Is Our Cybersecurity Spending Excessive?
It’s nearly impossible to define “excessive” to a room full of leaders with different backgrounds and priorities for the future, but you can address the amount that’s being spent and how it relates to others in your particular industry. With the majority of Canadian businesses citing a need to protect information, prevent fraud and secure continuity of operations in a recent study, the general breakdown for Canadian businesses was:
- $8 billion for employee salaries
- $4 billion on cybersecurity software and related hardware
- $2 billion on other security measures
You could share this information if your spending percentages roughly match up with the national average.
How Much Would a Cyberattack Cost Our Business?
While it’s nearly impossible to quantify the exact amount of risk your business incurs due to cybersecurity, there are some assumptions that you can share with your board to help them understand the potential scope. With Canadian businesses averaging 23 hours of downtime per attack, you’ll also need to factor in the following:
- Lost consumer confidence due to negative publicity from the attack
- Cost of notifications to customers
- Changes to technology platforms, such as websites, email servers and infrastructure
- Remediation of the problem — removal of malware or ransomware
- Potential ransom payments if they are demanded
- Proactive review and schedule of updates for the future
- Possibility of lawsuits
- Any government non-compliance fines or fees
While this is certainly not an exhaustive list of impacts to your business in the event of a cyberattack, it can help paint the broad strokes of the organizational impact for your board members.
Who is Handling Our Corporate Cybersecurity?
More than 73% of Canadian businesses designated an employee or team to lead the charge on cybersecurity. This may not always be a senior executive and might be a line-level leader or director, although that is less common. Due to the extent of the liability associated with cybersecurity, many organizations are naming a Chief Security Officer or adding these cybersecurity duties to the CIO’s or CTO’s role. As your board learns more about cybersecurity and organizational impact, they are likely to request a threat overview that details the security posture of the organization.
With All This Spending, Why Did We Still Experience an Attack?
Regardless of your readiness level, a cyberattack is an unfortunate reality. It’s important to convey that while the attack itself is a danger, the bigger risk to the business lies in how quickly you’re able to rebound and regain operations after an incident. Explain in detail what happened and how you’re guarding against it in the future. It’s not remiss to tie back your current cybersecurity spending to the attack and show either how additional funds could have helped, or how your spending helped speed remediation and reduce the costs of regaining system access.
Protecting your organization from attack starts with a thorough understanding of your technology infrastructure and the various solutions that you have in place for your business. At Checksum Systems, our technical experts take the time to listen and map out your current business infrastructure before making recommendations for improvements or changes. We want to be sure that we fully understand your needs, and our team is always willing and available to answer questions about cybersecurity and other technology topics. Contact us today at 647-952-9823 or fill out our quick online form to schedule your free initial consultation.