When I was recently interviewed by Chief Executive Magazine, I had the opportunity to focus on the role a chief executive plays in cybersecurity. The CEO of any company, whatever its size, is an extremely busy individual. Adding cybersecurity duties to an already long list of responsibilities is neither advisable nor likely to be well received. What is advisable is for the CEO to set the tone by emphasizing the importance of cybersecurity and by having a solid cyber incident response plan that includes the CEO's own participation. The CEO must be involved in (i) the testing of the plan; (ii) the after-action discussion of the test; and (iii) the implementation of changes to the plan, which will inevitably be needed to close the gaps the test exposes.
As I pointed out in the article, any IT environment is more likely than not to be breached at some point. The key to limiting the damage is responding thoughtfully to that breach. Endpoint monitoring and a threat-hunting capability that actively looks for suspicious activity in your network are integral to identifying a breach early and minimizing its effects. Responding to the attack with a plan that pulls in every affected department (legal, communications, compliance), not just IT, is critically important. Setting the "tone from the top" on the importance of formulating and testing a cyber incident response plan, through high-level engagement by the CEO, costs a busy chief executive some time. That time is well spent when weighed against the potentially material financial and reputational impact of a major breach.