Cyber attacks are growing every year. There are all kinds of stats out there to verify this: 78% of organizations worldwide were hacked in 2019. Additionally, 60% of small businesses close 6 months after a data breach. Yet, sadly, many organizations still fail to take cybersecurity seriously.
Statistics from the EY Global Information Security Survey (GISS) bear this out. While the study showed that almost 60% of organizations have faced an increased number of disruptive attacks in the past 12 months, only 36% of new, technology-enabled business initiatives included the security team in the discussions
Kris Lovejoy, EY Global Cybersecurity Leader, Advisory, says: "Cybersecurity has traditionally been a compliance activity, bolted on by a checklist approach instead of built into every technology-enabled business initiative. This is not a sustainable model. If we ever hope to get ahead of the threat, we must focus on creating a culture of security by design. This can only be accomplished if we successfully bridge the divide between the security function and the C-suite and enable the chief information security officer (CISO) to act as a consultant and enabler instead of the stereotypical roadblock."
Dave Millier also wrote about the problems of using a “bolt-on” approach to security in his novel Breached! A Cautionary Tale of Cybersecurity and Intrigue. In the novel, a fast-growing gastro-pub chain discovers that their new mobile application has been breached with customer credit card data stolen. In Breached, the security team had only been brought in at the end of the Software Development Lifecycle (SDLC) to static test the app so the developers could check it off the list.
The EY survey also highlights the mistrust between departments. “The relationship between cybersecurity and marketing is at best neutral, to mistrustful or non-existent, according to 74% of organizations; 64% say the same of the research and development team; 59% for the lines of business. Cybersecurity teams even score poorly on their relationship with finance on whom they are dependent for budget authorization, where 57% of companies say they fall short.”
A better approach is to make the Cybersecurity team an important partner in all departments of an organization, from Marketing and Innovation to Finance and Legal. Instead of thinking of security as just another checklist item to achieving compliance, it needs to be thought of as a best practice to achieve corporate success.
Cybersecurity may not be your business, but it is an integral part of every organization, just as finance and human resources are. To get help with your business’s cybersecurity, trust the experts at Quick Intelligence.
