It’s no longer acceptable to end a conversation with the words “I wasn’t aware” or “Oh, that’s our CISO, they manage this.” Ignorance of the law, as the phrase goes, is bliss. “Knowledge is power,” remarked Cypher in the movie The Matrix, but we can no longer rely on those who have been judged to guard us against danger. OK, but our CEO is not a technical person; how can we expect him to comprehend our intricate system? These days CEOs aren’t the same as those of the 1950s; they realize the need for adequate security and the potential consequences of failing to have it in place. Having a basic chat is the first step. Slack is a great place to start, but don’t forget to include your CEO when you’re posting the newest threat or data breach news in your group conversation. There is no guarantee, but you may get a response that asks, “Are we protected against this?” This one action will serve as the catalyst for a long-overdue conversation.
This post is not about blaming a CEO or a lobbying group, but it is time for “equal accountability.” Captain Edward Smith once stated, “You’ve done your duty and done it well, fellows. All I need from you is this. You have my permission to go.” The right words at the right moment. Security knowledge among CEOs: is it as essential as the Titanic’s demise? Even if that isn’t the case, when things become tough, we look to our leaders for guidance, because we know they will do what’s best for the firm. It’s the CEO’s job to ensure the safety of both employees and customers, and he or she is ultimately accountable for the company’s overall performance. Our own Mike Talon, in an essay titled “When Ransomware Kills,” provides an awful illustration of how security may have a negative impact on people’s lives. “We’re all in this together,” we say during these difficult times as we cope with this pandemic. We are all in this together, and this should teach us that even if we work from home at a kitchen table we call a desk, we all have a role to play. What are we hoping to see happen to the CEO in the event that the ship goes down? No, but there comes a point when the CEO’s “quarterly statistics prediction” has a place at the table for forecasting essential company security requirements. This may be a tall order, but the alternative of saying “We’ll make security a priority after the attack” leads the organization down a steep slope toward an opponent anxiously waiting for a quick payoff. Customers’ trust and data privacy might be further damaged even if the ransom is paid and the stolen details are returned. What if, rather than relying on rules, sanctions, and regulations, we empower people who have the capacity to recognize that the route to danger is a four-way stop? Get out there and see what’s around you.
Reference Link: https://blog.cymulate.com/ceo-security-liable/?utm-1/#
Brothers, J. (2020, December 9). Will CEOs Be Personally Liable for Security Breaches? https://blog.cymulate.com/ceo-security-liable/?utm-1/#