Corporate security is doomed to fail without executive support and buy-in

Many of my corporate governance conversations in the CCISO program focus on the fact that the business is missing from the security equation! If hundreds of global IT and security executives are talking about this in a closed session, this is worth talking about and exploring in a public forum.

Facts according to Keyaan:

1. Security is an integral part of corporate governance.
2. The business is accountable for corporate governance; security has responsibilities that contribute to success.
3. It is imperative for the business to be intentional and engaged in all matters related to corporate security – especially at to board and executive level.
4. Compliance and security satisfy different requirements. Compliance is not enough.
5. Security is not limited to technology. People and processes are also important.

Don’t just take my word for it.

The 2019 Global Cyber Risk Perception Survey from Marsh and Microsoft found that key decision makers are not spending much time on cyber risk management, and only 17% of executive leaders and board members spent more than a few days over the past year focusing on cyber risk issues.

The 2019-2020 NACD Public Company Governance Survey found that 61% of the corporate directors who responded report that they would be willing to compromise on cybersecurity to achieve business objectives, while only 28% prioritize cybersecurity above all else.

A global pandemic shouldn’t be the only driver that compels directors and executive business leaders to seek information that helps them make the right decisions about corporate security. The need to immediately shift from working in corporate offices to working from home should highlight the value of planning that includes an effective security and risk management.