Persuading leaders to get onboard with cyber security

How can organisational leaders be persuaded to become more actively involved in promoting cybersecurity?

“We have to prepare leaders by letting them go through stressful exercises.”

Professor Marco Gercke, the founder of the CyberCrime Research Institute, talks to Jeremy Swinfen Green about organisational leaders can learn how to respond appropriately to cyber-attacks.

Marco Gercke will be speaking at the inaugural teissBenelux2020 cyber security summit, taking place online from 27 to 29 October 2020. For free registration and more information, click here.

Video transcript:

Organisational leaders and top management are sometimes rather slow to engage with cybersecurity. Why do you think that is and how can they be persuaded to become more actively involved in promoting cybersecurity?

Well, let me start by fundamentally disagreeing. One of the main focus areas of our work is working with top management in Fortune 500 companies, so the top management and board level, and ministers of government for different governments, very often with the United Nations. And when we’re discussing with ministers or with the CEO of a large enterprise, I haven’t really met anybody who was not involved in this topic and who was not interested in how they need to respond.

What we have to do is we have to show them that, unlike technical standards that are telling a system administrator how to configure a system, there isn’t really much standardisation when it comes to risk management decision making. So what we have to do is we have to prepare them by letting them go through real exercises. This is something we’re doing with them. So we’re cooling the room, cooling down the temperature so that the stress level increases when the situation gets more dramatic, and then we’re going to show them a couple of cyber attacks against their company– sometimes it’s only a threatening video, it can be email coming in– and they have to take management decisions.

And what you will find out is that sometimes they feel uncertain how to respond. They know exactly what happens when something burns down or a plane crashes and how they respond to it, or when there is difficulty in the supply line. However, when it comes to a cyber attack they sometimes lack this knowledge of how long is it going to take, how to quantify it, and how do I respond appropriately?

Copyright Lyonsdown Limited 2021

Top Articles

The expert view: Accelerating the journey to the cloud

At a virtual seminar on 9 June 2021, sponsored by managed IT service provider Sungard Availability Services, eight senior IT decision makers gathered to discuss how organisations can accelerate their…

Ransomware attacks and the future role of the CISO - teissTalk

On 18 May, teissTalk host Jenny Radcliffe was joined by a panel of four cybersecurity experts in a wide-ranging discussion that covered government actions, ransomware attacks and the future of…

Communicating a Data Breach: Best Practices

When customers trust you with their personal data, they are expecting it to be protected. This means your response to a data breach is imperative and can make or break…

Related Articles

[s2Member-Login login_redirect=”” /]