Should Your CEO Be Held Responsible for Your Corporate Security Strategy?
- With breaches happening regularly, there’s a lot to lose if the bad guys get in.
- Our research finds most companies invest in our tech to protect business assets (like IP, customer records, etc.).
- When company stock takes a dive because of a breach, it gets everyone’s attention.
The Identity Theft Resource Center has a 2016 Breach List summing up 980 breaches with over 35 million records exposed in the US.
If you drill down into the various agencies and companies that experienced a breach last year, the list includes names like Quest Diagnostics, University of Wisconsin, Madison, Veterans Management Services, Inc., University of Vermont, CVS Health, Caesars Entertainment, US Olympic Committee, Aon Hewitt, Capital One, Boeing Employees Credit Union, and the list goes on. Healthcare, financial services, and schools all fell victim to breaches in 2016.
What’s the real cost of being owned?
While the report lists the extent of the intrusion, what it doesn’t list is how much these events cost the companies. Those costs can be both tangible and intangible, from the security costs of chasing down the breach and remediation to stock value, liability lawsuits, and insurance premiums, all of which are likely to be activated when information is compromised. So when InfoSecurity asks, “Should C-Level Bonuses Be Linked to Cybersecurity Success?”, it seems like a reasonable question.
According to the article, “One of the hardest aspects of such a strategy would be determining what a ‘good’ cybersecurity operation looks like.” No kidding. Isn’t this what everyone is struggling to figure out? And yet, as Boards of Directors seek to assign responsibility when things go haywire, it might at least behoove the C-Suite to know how their corporate security strategy is designed.
Performance pay slashed after data breach.
The article points to one example, TalkTalk CEO Dido Harding, who “saw her performance pay slashed by more than a third to £220,000 as a result of the catastrophic data breach the company suffered last year.” Will that make it less likely that TalkTalk will get hit again? Probably not. But it does make it likely that folks at TalkTalk are paying a lot more attention to how they’re tackling security and where they keep their business assets.
Is holding the C-Suite responsible for cyber security the right thing? We’d love to hear from you. What is the role of executive leadership in protecting business assets and customer data?