
Cyber Defense: Minimizing the Impact of a Breach Starts at the Top

When I was recently interviewed by Chief Executive Magazine, I had the opportunity to focus on the role that a chief executive plays in cybersecurity. The CEO of any company, no matter the size, is an extremely busy individual. Adding cybersecurity duties to the already long list of responsibilities is not something that is advisable, nor would it be well received. What is advisable, however, is for the CEO to set the tone emphasizing the importance of cybersecurity and having a solid cyber incident response plan that includes the CEO's participation. The CEO must be involved in (i) the testing of the plan; (ii) the after-action discussion of the test; and (iii) the implementation of changes to the plan, which will inevitably come about to close gaps the test exposes.

As I pointed out in the article, there is a better than average chance that any IT environment will get breached. The key to mitigating the damage is responding thoughtfully to that breach. Employing endpoint monitoring and a threat hunting capability to look for suspicious activity in your network is integral to identifying and minimizing the effects of a breach. Reacting to the attack with a plan that pulls in all departments (legal, communications, compliance), not just IT, is critically important. Setting the “tone from the top” for the importance of formulating and testing a cyber incident response plan through high-level engagement by the CEO is worth the investment in time for a busy chief executive when weighed against the potentially material financial as well as reputational impact of a major breach.

Questions a CEO must ask include: Is vital data being stored offsite, and how often is that offsite data tested to make sure it isn’t infected with malicious code? What’s the planned response to a cyberattack? Are you testing the plan? What changes are made after a test? “The CEO should be part of those tests and the plans,” Gallagher says.