Far too many boards and CEOs see cybersecurity as a set of technical initiatives and edicts that are the domain of the CIO, chief security officer and other technical practitioners. In doing so, they overlook the perils of corporate complexity—and the power of simplicity—when it comes to cyber risk. We’d propose, in fact, that leaders who are serious about cybersecurity need to translate simplicity and complexity reduction into business priorities that enter into the strategic dialogue of the board, CEO and the rest of the C-suite.
Questions such as the following can help catalyze this conversation:
- How does a full accounting of cyber risk affect our business model’s attractiveness, and does that suggest the need for a “simplification agenda”?
- How transparent are the cyber risks and trade-offs associated with our external partnerships, and what would be the pros and cons of simplifying our ecosystem to make them more manageable?
- How risky are our IT-enabled legacy processes, and how should we prioritize investments to secure, simplify and transform them to achieve competitive advantage?
Leadership teams that grapple with questions like these and embrace simplicity boost their odds of making the entire enterprise securable.
Source: “Simplifying cybersecurity”
Original Publication: PwC