Cyber threats are no longer a niche affair only thought of by the IT department. Mainstream media publishes daily news of cyber attacks, data breaches, ransomware, and more, making them a growing concern for the general public.
The persistent risk that information shared with an organisation could be hacked, stolen and sold weakens the trust consumers put in organisations. The scaremongering can make it difficult for IT leaders to know where to allocate their focus, with budgets being stretched so thin that it’s often too difficult to protect against every cyber threat. And that’s the biggest difficulty to overcome: that it’s just a threat.
The Oxford English Dictionary describes a threat as “the possibility of trouble, danger, or ruin”. That clearly outlines the issue: there is only a possibility of something happening. No wonder it’s difficult to get buy-in from the Board to invest in advanced security measures based just on the ‘possibility’ of an attack.
Board members like hard facts and numbers. The Sales Director spends his life wondering about the possibility of whether targets will be met, but puts his neck on the line to commit to a number nonetheless. This poses the question: Should the CIO be put in a similar position, forced to commit to the likelihood of one out of a number of threats and just put the wheels in motion to protect against that one threat, because that’s what they decided to commit to?