Peter Crow

Cybersecurity: is it time for a Goldilocks conversation?

28/8/2015

Cybersecurity is getting lots of airtime at present, often for all the wrong reasons. Reports of leaks, hacks, and data breaches pervade news sites on an almost daily basis it seems. Sadly, many news articles are sensationalist: but that is what sells the news, I guess.
Many studies have been conducted to try to understand the problem—most of which seem to offer little when it comes to meaningful recommendations for directors seeking to mitigate business risk. Consequently, most studies and reports go in one ear and out the other.
However, a recent study by the Ponemon Institute does make interesting reading (link here). The purpose of the study was to determine if boards of directors are a help or hindrance to creating a strong cybersecurity posture. Significant differences between how boards and IT security folk perceive risk (especially cybersecurity risk) were exposed. The technical people tend to talk it up (validly or otherwise), whereas directors typically consider cybersecurity as one risk amongst many others. That directors and technical people have quite different perceptions about cybersecurity is hardly a surprise. However, it does highlight an operational problem. The perception gap has the potential to see either too much or too little invested in appropriate risk mitigation measures. Either way, the impact on the overall performance of the business is likely to be significant. How might this be addressed?
Perhaps the answer lies in a candid Goldilocks meeting, whereby directors, executives and IT security folk meet together (for as long as it takes), to discuss and reach agreement on two things:
  • An understanding of cybersecurity from a risk perspective
  • The nature of cybersecurity risk and how it might be addressed
A Goldilocks meeting should have the effect of ensuring that the board is suitably informed about cybersecurity matters, and the IT security people should gain an appreciation of the balance of the risks the board needs to consider. An appropriate action plan, agreed between the parties and based on a common understanding, could ensue.
To have the board, executives and technical people working together with an agreed purpose and outcome in mind, rather than talking past each other as is typical in many cases I have witnessed, might sound fanciful. However, it's bound to do wonders for morale and culture. Perhaps it might be the most beneficial outcome!

Dr. Peter Crow, CMInstD
© Copyright 2001-2025 | Terms of use & privacy