Dutch companies lag significantly behind when it comes to cybersecurity when comparing this with other companies worldwide. This is stated in the latest State of Cyber Resilence report.
The aforementioned report also shows that we are not well prepared in the Netherlands to fend off potential attacks and that we are not well equipped to grow under pressure from cyber attacks. For example, we see that the discovery and resolution of data breaches is slow for three out of five Dutch companies. For a little more than half of Dutch companies, it takes one to seven days before a data breach is discovered.
So it’s time to take a look at companies that are branded as ‘cybersecurity masters’.
“It is important internally to look at the company’s strongest assets, both commercially and in terms of security: the employees who build the company”
What we have seen with the cyber pioneers is that they accept that business opportunities also come with cyber risks. These companies find the right balance between business and cybersecurity strategy that enables them to act quickly. To make this happen, active collaboration and knowledge exchange are important. Only in this way do we have a fair chance. That is also exactly what hackers do. They have contacts and keep each other informed, coordinating tactics to eliminate the most selected prey.
Exchanging security insights and knowledge with partners, suppliers and competitors is beneficial for cyber resilience because in this way companies can learn from each other and improve together. In addition, it is important internally to look at the company’s strongest assets, both commercially and in terms of security: the employees who build up the company.
Exchange of information and knowledge applies not only to external parties but also internally. Communication is an important part of cybersecurity, and who knows more about the system’s weaknesses and security developments than the ciso? In order to exchange knowledge quickly and accurately, it is important that cisos are included on the board. Yet we still see too often that this is not happening and it can be a major disadvantage to the company’s cyber security.
There are a number of benefits when cisos participate at the board level. First, a board that understands how to deal with cybersecurity incidents will be better able to make future-proof decisions instead of resorting to hasty crisis management. Second, the insights CISOs gain during meetings will help them understand the business challenges facing the board, enabling them to create a more focused and tailored plan to find the right balance between threat-centered and business-centered.
Still, it is important not to put all the balls on cisos, because cybersecurity is a shared responsibility that all other employees at all layers of the company must also believe in.
To increase the company’s cyber resilience, a holistic strategy is important, a strategy that encompasses all business activities – from C level to the talent in the front line. A first step in this is to assess cybercrime behavior on each layer of the business. And that, of course, is something a ciso can help with.
When a company is able to exploit its human potential, both internally and externally, it can strike a balance between business and security goals. The path to becoming a cybersecurity champion is different for every business. What works for one company may not work for another. The important thing is to take the first step.
(Author Michael Teichmann is CEO of Accenture Benelux and France.)