Peter Crow

Cybersecurity: is it time for a Goldilocks conversation?

28/8/2015

Cybersecurity is getting lots of airtime at present, often for all the wrong reasons. Reports of leaks, hacks, and data breaches pervade news sites on an almost daily basis it seems. Sadly, many news articles are sensationalist: but that is what sells the news, I guess.
Many studies have been conducted to try to understand the problem, but most seem to offer little when it comes to meaningful recommendations for directors seeking to mitigate business risk. Consequently, most studies and reports go in one ear and out the other.
However, a recent study by the Ponemon Institute does make interesting reading. The purpose of the study was to determine if boards of directors are a help or hindrance to creating a strong cybersecurity posture. Significant differences between how boards and IT security folk perceive risk (especially cybersecurity risk) were exposed. The technical people tend to talk it up (validly or otherwise), whereas directors typically consider cybersecurity as one risk amongst many others. That directors and technical people have quite different perceptions about cybersecurity is hardly a surprise. However, it does highlight an operational problem. The perception gap has the potential to see either too much or too little invested in appropriate risk mitigation measures. Either way, the impact on the overall performance of the business is likely to be significant. How might this be addressed?
Perhaps the answer lies in a candid Goldilocks meeting, whereby directors, executives and IT security folk meet together (for as long as it takes), to discuss and reach agreement on two things:
  • An understanding of cybersecurity from a risk perspective
  • The nature of cybersecurity risk and how it might be addressed
A Goldilocks meeting should have the effect of ensuring that the board is suitably informed about cybersecurity matters, and the IT security people should gain an appreciation of the balance of the risks the board needs to consider. An appropriate action plan, agreed between the parties and based on a common understanding, could ensue.
To have the board, executives and technical people working together with an agreed purpose and outcome in mind, rather than talking past each other as is typical in many cases I have witnessed, might sound fanciful. However, it's bound to do wonders for morale and culture. Perhaps it might be the most beneficial outcome!
Peter Crow PhD CMInstD

Company director | Board advisor