Organizations with strong links between senior leadership and their cybersecurity teams feel better prepared for a cyberattack. Here’s how to make those links.
With cyberattacks growing more frequent and ever more complex, company leaders can no longer leave corporate security to the IT team. The C-suite (senior leadership) must get in the loop.
Global professional services giant Accenture found cyberattacks were up by 31 percent globally in 2021. Protecting against attacks must be a priority for leaders.
In partnership with Longitude, a Financial Times company, Kaspersky surveyed 750 leaders at enterprises around the world about their approach to cybersecurity. The research found that when companies have strong links between their C-suites and cybersecurity teams, they report being better prepared for attacks.
A quarter (26 percent) of respondents said strong integration of the C-suite and cybersecurity teams will be very important over the next two years. This small group, named the Integration Leaders, is better prepared to deal with a range of cyberattacks.
For example, 64 percent say they could deal comfortably with a cybersecurity threat created accidentally through employee error, compared to 47 percent of the rest of respondents.
Two ways to ensure C-suite integration
1. Share perspectives at the top
Evgeniya Naumova, Executive Vice President of Corporate Business at Kaspersky, believes the increased security risks with remote work have captured leaders’ attention since the pandemic began. They realized employees were more likely to be exposed to threats outside the office environment.
This, coupled with recent rises in cybercrime, has opened leaders’ eyes to the threats they face. “There was a switch — a really obvious switch — in their minds,” Naumova says. “They understood that it’s not just something to observe from afar — it needs to be top of their minds. Companies that did not have a chief information security officer (CISO) or tech expert on their boards of directors were promoting roles because now they understood they could lose their business in one day to an attack.”
By drawing on the experience and insights of the wider leadership team, CISOs and chief information officers (CIOs) can gain a broader perspective that could create more effective, 360-degree protection for the business.
Graeme Watt, CEO of UK IT giant Softcat, says responsibility for risk ultimately rests with the CEO – but he acts based on his CIO’s input. “I have a CIO who reports directly to me, and the information security team sits under them,” Watt says. “I am the person the board looks to on cyber risks, but I don’t do all the reporting myself. I bring the CIO into the board meeting when we’re talking about cybersecurity threats.”
2. Ensure effective cybersecurity training and collaboration
Integration between C-suite and cybersecurity teams starts with building a deeper understanding of the issues at hand. This can be achieved with the right training for senior leadership.
“Training for the C-suite has an additional goal of advocacy – turning managers into leaders of an organization’s cyber-awareness culture,” says Kaspersky’s Naumova. “Training using gamification and simulations of real attacks are particularly useful. First, they are more engaging, and second, they allow the C-suite to observe the results of their decisions instantly.”
Ricardo Lafosse, CISO at multinational food company Kraft Heinz, says the company promotes a culture of constant collaboration and communication between its cybersecurity team and wider leadership.
We report to the board on the cybersecurity landscape, our control sets and any gaps. They truly understand the impact of cybersecurity on the organization.
Ricardo Lafosse, CISO, Kraft Heinz
Lafosse continues, “A great example is marketing. From a privacy and cybersecurity perspective, we have a very close collaboration on how we manage data before we launch a marketing campaign. That shows the importance of cybersecurity as a business enabler.”
A welcome side-effect of promoting the importance of cybersecurity across the business is that employees at every level of the team feel more valued by the company. This is likely to improve retention rates – an important consideration, given the research found that one-third (34 percent) of company leaders believe the cybersecurity skills shortage will become critical in the next two years.
C-suite integration is consistent across the world
The research shows attitudes to greater alliances between cybersecurity teams and the C-suite are consistent globally. The most positive is Latin America, where half of enterprises (51 percent) say closer integration between the C-suite and cybersecurity teams will be very important in the next two years. The lowest is in North America, at 42 percent.
This is encouraging for enterprises with a multinational presence, as it’s important they embed and maintain their culture consistently across global operations.
Kraft Heinz’s Lafosse says C-suite integration at his company is part of a broader positive and proactive cybersecurity approach. “Culturally, the organization respects and responds to cybersecurity events, and we champion great people in the team,” he says. “The whole company also understands how reliant we are on cybersecurity.”
There are clear advantages in building strong links between senior leadership and cybersecurity teams. Any company seeking protection against ever-sophisticated cyber threats should nurture and value this relationship.