With all the bad press around data breaches lately, you’d think companies would develop a more conscientious approach to cybersecurity. However, there still seems to be some fundamental confusion around whose duty it is to secure the data.
As long as this vital question remains unanswered, companies will continue to make less-than-optimal decisions when it comes to their cyber liability and security.
Whose Job Is It Anyway?
Let’s start with a question. If you had an important task that needed to be done, but were unsure of who was managing the project, would you be confident that it would be completed correctly? Of course not. Yet the same cloud of ambiguity hangs over information security.
While many organizations have put the responsibility squarely upon the shoulders of IT departments for obvious reasons, this strategy does not ensure data will remain secure outside of the IT department. This is especially true as more workplaces adopt bring-your-own-device (BYOD) policies, which could allow threats to come from anywhere.
Some thought leaders recommend empowering a chief information security officer (CISO) to be an independent operator who can maneuver between departments and assess risks across an entire organization.
This, however, might not be enough. CTOvision writes, “Putting a CISO in charge may place too much focus on information security specifically and not other security problems.”
Others propose hiring a chief data officer (CDO) because he or she will put a greater emphasis on data governance. Author, IT consultant and MIT professor Stuart Madnick suggests that since the “CDO is responsible for maximizing the value of that data in the organization, then it would stand to reason that the CDO should have some role in ensuring and protecting the value of that information.”
Still others advocate that the CEO take charge. However, research from PwC found that 14 percent of executives surveyed admitted to lacking a cybersecurity strategy and being reactive when it came to information security, which is probably why Harvard Business Review goes further to say “cybersecurity is every executive’s job.”
While large enterprise companies have the money and resources to continuously rethink and redevelop executive roles to combat the ever-growing threat of cyber criminals, small businesses do not. And, of course, cybersecurity is important for companies of all sizes.
Another Brick in the Firewall
No matter how complex businesses think cybersecurity is or how much money they put into combatting it, the truth is that cyber criminals don’t care about the hierarchy of your teams. Instead, they will almost always prefer to exploit your weakest link.
In fact, the number one cause of a data breach is employee negligence. By carelessly clicking a link in a spam email or entering your credentials into a phishing scam, you could open your organization to criminal infiltration. That’s why it is absolutely crucial that your employees understand best practices when it comes to cybersecurity.
While it may still be valuable to assign a leader to protect your digital assets, it is far more important to take a holistic approach. By realizing that the onus of responsibility is placed on everyone in your business, you can better safeguard your data.
Last Line of Defense
Even if you take every step to secure your business, crafty hackers may still be able to harm your operations. Over 43 percent of small businesses suffered cyberattacks in 2015, with the average loss per business being $180,000! Where would that leave your company?
That’s why every business should invest in cyber liability insurance. Think of it as your Plan B to protect your company against extortion, loss of business, data breaches and identity thefts.
By educating your employees and taking advantage of cyber liability insurance, you can afford peace of mind.