Cybersecurity Has Become Everyone’s Accountability


Cybersecurity is only one small aspect of securing business continuity.

How much could a failure of your digital fence cost your business? 

According to an Accenture study, in 2018 the average yearly cost of cybercriminal acts to a single business, institution or organization was $13m, up 72% in the last five years. What does this average mean when the dispersion is infinite? It means cybercrime can actually cost you your whole business. How much are you ready to invest in the right cybersecurity organization and tools against this potential threat?

Across all types of cyberattacks (malware, DoS, ransomware, etc.), what often happens is that someone in your organization takes the wrong action at the wrong moment, most of the time unknowingly.

Therefore, we must acknowledge that no system, no expert CISO, and no tool will deliver guaranteed full protection from the risk of cybercrime unless the culture of your organization transforms.

Cyber-protection is a question of culture.

At Insigniam, we recognize that giving people more training and workshops will not be a sufficient solution, given the creativity of cybercriminals and the growing complexity of the IT/IS systems your people have to interact with. The way to radically shift the performance of your teams in protecting against cyber-risk is to transform how they experience the issue of cybersecurity, and their role in it, in their daily jobs.

As one example, cybercrime is perceived as the acts of criminals, the bad hacker guys of the net. These instances of lower-stakes crime appropriately remain in the realm of IT’s accountabilities. Securing IT infrastructure and enforcing the practices and behaviors of its user communities is part of IT’s mission.

However, we must also consider a new form of white-collar cybercrime, organized by nations to influence democratic processes, acquire industrial assets from other countries at a highly discounted price, and acquire significant data from consumers and citizens in spite of GDPR. With these new threats, the stakes are higher – these crimes pose serious geopolitical risks and significant threats to security.

Should cybersecurity teams report to IT?

To take these new threats into account, cybersecurity should be considered one leg of the overall strategy and risk management processes of your company, with a strong link to your economic intelligence department.

To counter the weakness or narrowness of traditional strategic perspectives on this highly complex geopolitical environment, risk-managers and perspectivists in companies would be wise to rely on a growing number of networks of community hackers, economists, scholars, and think tanks who share their assessments of global risks and suggestions for managing them.

Equally important is a radical cultural shift of the entire organization. Managing the threat of cybercrime must be viewed as a responsibility of each employee in the organization, instead of as just another task for IT to deal with. Currently, only 16% of CISOs say their employees are accountable for cybersecurity. Until this number grows, companies will continue to weather massive losses from cybercrime attacks.

The capabilities and motivations of cybercriminals are changing, and the stakes are growing higher. It is time for businesses to ensure that awareness of these risks is embedded in the culture of their organizations from the highest levels of strategy to the average worker.
