Cybersecurity Questions All Executives Should Be Asking in 2021

October 7, 2020

According to a 2020 IBM study, the average cost of a data breach is $3.86 million. The average time it takes to identify and contain a breach is 280 days. That’s a huge chunk of time devoted to damage control for what is most often a preventable crisis.

Cybersecurity is an important part of every company’s operating plan, and a well-protected network starts at the top. Here are five key questions that your company’s leadership cannot afford to ignore. Do you know the answers?

Question 1: Is your executive leadership informed about cyber risks that threaten the company?

Cybersecurity is about managing risk. A breach can have dire consequences, which makes managing cybersecurity risk a critical part of an organization’s governance, risk management and business continuity framework. Early response actions can limit or even prevent possible damage. Accordingly, timely reporting to leadership should be built into the strategic framework for managing the enterprise. The CEO, Chief Information Officer, business leaders, continuity planners, system operators, general counsel and public affairs should be part of the chain of communications.

Question 2: What is our exposure to cyber risk, the potential impact of a breach and our plan for addressing both?

Identifying critical assets and the associated impacts from cyber threats is essential to understanding your specific risk exposure, whether financial, competitive, reputational or regulatory. Risk assessment results are key to identifying and prioritizing specific protective measures, allocating resources, informing long-term investments and developing policies and strategies to manage cyber risks to an acceptable level.

Question 3: How does our cybersecurity program apply industry standards and best practices?

A comprehensive cybersecurity program leverages industry standards and best practices to protect systems, detect potential problems and enable timely response and recovery. Compliance requirements help to establish a good cybersecurity baseline to address known vulnerabilities, but do not adequately address new and dynamic threats or sophisticated adversaries. Using a risk-based approach to apply cybersecurity standards and practices allows for more comprehensive and cost-effective management of cyber risks than compliance activities alone.

Question 4: How many cyber incidents are normal for us? At what point is executive leadership informed?

Executive engagement in defining the risk strategy and levels of acceptable cyber risk enables close alignment with the business needs of the organization. Regular communication between leaders and those held accountable for managing cyber risks provides awareness of current threats, security gaps and associated business impact. Analyzing, aggregating and integrating risk data from various sources and participating in threat information sharing with partners helps organizations identify and respond to incidents quickly and ensure protective efforts are commensurate with risk.

A good way to establish updated security protocols is to have an assessment of your network. An IT Risk Assessment can show you where you stand and provide the insights needed for a solid plan of action.

Question 5: How comprehensive is our cyber incident response plan? How often is it tested?

Even a well-defended organization will experience a cyber incident at some point. When network defenses are penetrated, the leadership group should be prepared with a Plan B. Documented cyber incident response plans that are exercised regularly help to enable timely response and minimize impacts.

How does your organization’s cybersecurity program measure up? An easy way to find out is through our IT Risk Assessment. For $1,000, we can get you started on a path to a more secure network.

Interested in an IT Risk Assessment? Learn more or contact us today.

All content provided in this article is for informational purposes only. Matters discussed in this article are subject to change. For up-to-date information on this subject please contact a Clark Schaefer Hackett professional. Clark Schaefer Hackett will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within these pages or any information accessed through this site.
