Thursday, March 30, 2023
ISTARI study highlights CEOs' insights on cyber resilience
Wazzup Pilipinas!?
First-of-its-kind study explores the minds of CEOs in managing cyber risk and provides a playbook on how they can improve
Drawing on 37 in-depth interviews with global CEOs, nine of whom had endured a serious cyberattack, researchers uncover the emotions and struggles in properly managing cyber risk.
ISTARI, a Temasek-founded global cybersecurity firm dedicated to helping clients build cyber resilience, and Said Business School at the University of Oxford today revealed the findings of their joint CEO Report on Cyber Resilience (https://istari-global.com/insights/articles/ceo-report). The report applies a top-management lens to cybersecurity risks and underscores the critical role CEOs play in building cyber resilience.
It shares insights from thirty-seven one-hour, face-to-face interviews with American, Asian and European CEOs whose businesses have an average annual revenue of $12 billion and employ an average of 40,000 people. One-third of the interviewees are from Asia. Nine of the CEOs interviewed had guided their company through a serious cyberattack.
When cyberattacks happen, CEOs are inevitably at the centre of the incident and act as the face of the company. And in a cyber climate where cyberattacks have become a question of "when" and not "if"--with the Asia Pacific region facing the highest number of cyberattacks in 2022--CEOs are naturally expected to take accountability when such unfortunate incidents occur. (bit.ly/3zfzKcb)
What CEOs really think about cyber risk: secret fears, uncertainty and discomfort
Under the condition of anonymity, the CEOs spoke with remarkable honesty about their feelings, frustrations and regrets about cyber threats and security.
The CEOs acknowledged that they are formally answerable to regulators, shareholders and their boards for cybersecurity. Yet the majority (72%) said they were uncomfortable making decisions about it, often leading them to delegate responsibility for, and understanding of, cybersecurity to their technology teams, which can jeopardise resilience.
Co-author of the report, Dr Manuel Hepfer, Head of Knowledge and Insights at ISTARI and a Research Affiliate at Oxford University's Said Business School, says: "Many CEOs we spoke with highlighted the agonies of having to make existential decisions on imperfect information under extreme pressure in an area they lack familiarity and intuition."
Four mindsets CEOs need to lead cyber resilient businesses
The study outlines four mindsets CEOs should adopt to build cyber resilience:
- All CEOs interviewed said they feel accountable for cybersecurity. However, a parallel ISTARI survey of Chief Information Security Officers (CISOs) found one in two European (50%) and almost a third of US (30%) CISOs did not believe that their CEOs feel accountable. This gap in perception, according to the research, lies partly in the meaning of accountability: instead of seeing themselves as accountable - being the face of the mistake - CEOs should assume co-responsibility for cyber resilience together with their CISO.
- CEOs should stay away from blindly trusting their technology teams. Instead, they should move to a state of informed trust about their enterprise's cyber resilience maturity.
- CEOs should embrace what the authors call the 'preparedness paradox': an inverse relationship between the perception of preparedness and resilience. The better prepared CEOs think their organisation is for a serious cyberattack, the less resilient their organisation likely is in reality.
- CEOs should adapt their communication styles to regulate pressure from external stakeholders who have different and sometimes conflicting demands. Depending on the stakeholder and the situation, CEOs should either be a transmitter, filter, absorber or amplifier of pressure.
"Put down your phones"
Leaders who have endured a cyberattack feel strongly about helping others avoid some of the mistakes they have made. As one CEO said: "Whenever I speak to a group of CEOs to share my learnings from the cyberattack, I start by saying, 'put down your phones for 15 minutes, you'll want to listen carefully to what I have to tell you'."
Rashmy Chatterjee, a co-author of the report and CEO of ISTARI, said: "It is self-evident that the impacts of a cyberattack go beyond IT. But, as our research shows, CEOs struggle to know how to lead their organisations' responses. From these candid conversations, we can better answer what their role should be and fill the gap in what CEOs need to do to build and command cyber resilient organisations."
The second part of the report synthesises such advice in a playbook for CEOs wanting to build cyber resilience in their enterprises, laying out specific steps CEOs can personally take to anticipate, withstand, respond and adapt to serious cyberattacks.
Michael Smets, co-author and Professor of Management at Said Business School, said: "The fact that all CEOs in our study felt accountable for cybersecurity, but less than a third of them felt comfortable making decisions in that area reveals an alarming gap. To build cyber resilience, CEOs must close that gap. This report offers a first playbook to help CEOs do so."
To discover more about how CEOs can build a cyber resilient organisation, read the full report (https://istari-global.com/insights/articles/ceo-report).
Picture this: you're a business owner, and your company's security is your top priority. You want to ensure that your digital fortress is impenetrable, and that's where penetration testing swoops in to save the day. It's like having a team of skilled hackers, but on your side! These experts simulate real-world cyber attacks to identify vulnerabilities in your system, and boy, is it a thrilling experience. Here is more info: https://welpmagazine.com/what-is-penetration-testing-and-why-is-it-important/.
Now, you might be wondering, why is this adrenaline-pumping activity so important? Well, my friend, let me enlighten you. In today's digital age, cyber threats are lurking around every corner, ready to pounce on unsuspecting victims. But fear not, because penetration testing is here to save the day! By proactively identifying weaknesses in your system, you can patch them up before the bad guys even have a chance to strike. It's like having a superhero on your side, protecting your business from the shadows.
But wait, there's more! Penetration testing not only helps you fortify your defenses, but it also ensures compliance with industry regulations. With the ever-evolving landscape of cybersecurity, staying up to date with the latest standards is crucial. By conducting regular penetration tests, you can demonstrate your commitment to security and maintain the trust of your customers. It's like having a shiny badge of honor that says, "We take security seriously!"
Now, let's talk about the experience of using penetration testing services. It's like embarking on a thrilling rollercoaster ride, filled with twists and turns that keep you on the edge of your seat. The anticipation builds as the experts meticulously plan their attack, just like a mastermind plotting their next move. And when the test begins, the adrenaline rushes through your veins as you witness the vulnerabilities being exposed, one by one.
But fear not, my friend, because the experts are there to guide you through every step of the way. They provide detailed reports, highlighting the weaknesses they've discovered and offering recommendations to strengthen your defenses. It's like having a personal coach, cheering you on and helping you become the cybersecurity champion you were meant to be.