In light of the recent data breach at TalkTalk I started to think about why breaches are becoming so common and why there appears to be such a gap between corporate priorities and cyber security. Then something dawned on me, I spend a lot of time speaking with members of the C-suite and articulating the benefits of key security foundations and defense in depth. At lot of the time the members of the C-suite lack the requisite skills to really grasp the importance of cyber security. Through no fault of their own, they do not come from technology backgrounds, but from sales, finance and marketing. In addition, many corporates have not appointed a Chief Security Offer.
This puts an organization in a difficult position especially when you consider the big strategic challenges facing many businesses. They need to innovate by bringing new products and ways of interacting with their customers. All of this is underpinned by technology. Not having an understanding of implications of the underlying security can only lead to one thing - a cyber breach!
I recently read an article in the Financial Times which stated that "only 6% of the directors overseeing the world's biggest banks have any technology experience, even though issues ranging from cyber security to digital challengers have shot up their boardroom agenda, the research was carried out by Accenture.
Other findings from the report include:
- Circa 1/2 of the world's biggest banks have no board members with any technology experience
- Banks in the US and UK scored highest on board member with tech experience, however that was only 15.7% and 14.3% respectively.
- The lowest figures came from banks in Brazil, Greece, Italy, and Russia, which had no directors with a background in technology.
- French banks have only 3% of directors with technology experience
- Spanish and Swiss banks have less than 7%
Technology is ingrained in everything we do so cyber security needs to be built into our business strategy from the ground up. Certainly the awareness is growing and many C-suites are looking for board members with technology experience, but these people are not easy to find, especially when you consider they need to blend commercial acumen with solid technology foundations.
Business is complicated and things will go wrong but if you lack the skills to avoid mistakes, you at least need the wherewithal to understand them and prevent them in the future.