Cyber Security in the C-suite

During recent months, we’ve seen security chiefs from MI5 and GCHQ urging chairmen of the UK’s largest companies to address cybercrime head-on. Given the fact that four-in-five of the UK’s largest quoted companies are not prepared for cyber-attacks, there is a real sense of urgency to combat this threat across the UK.

Couple this with the fact that there are not enough security experts to combat this rising threat and you can see why governments globally are alarmed. In fact, research and consulting firm Frost & Sullivan recently released a report that found that the number of security professionals globally is about 2.25 million, yet the requirement by 2015 will be 4.25 million.  Moreover, cyber security is now being reclassified to a tier-one national security priority, signalling that policy makers are urging action now.

Over the last 15 years, businesses have increasingly built virtual fortresses aimed to address cyber security issues. However, despite this, attacks are still happening. Over the last few months alone we’ve seen numerous businesses suffering from security attacks. Take The New York Times, whose website went offline twice in August due to malicious external attacks. More recently, police officers have arrested 12 men over an attempt to steal millions of pounds by hacking computers at a branch of Santander.

In today’s interconnected business environment, cyber-attacks are coming from a multitude of areas – cyber criminals (traditional hackers and hacktivists), espionage-type activities and data leakage where information is taken from an organisation and purposefully or inadvertently falls into the wrong hands.

Given this variation of attacks, all with bespoke motives, cybersecurity goes hand-in-hand with enterprise risk assessment as it can directly affect both operations and the broader brand or reputation of a company, often resulting in significant financial repercussions. What we realise is that IT security solutions alone are no longer enough. And it is with this point in mind that takes cyber security out of just an IT department’s responsibility and directly as a must-have agenda point for the boardroom table.

A key question that those around a boardroom table must understand is the motive behind potential cyber-attacks – what information the attackers want to glean – is unique to each company. Only until this insight is understood can business decisions be made on the right investments to be made – a comprehensive defence system ultimately comes from an overarching strategy developed by businesses leaders and now is the time to act.

In addition, according to research released by the Ponemon Institute, human error and systems glitches caused nearly two-thirds of data breaches globally in 2012. These statistics indicate the need for responsibility for cyber security to expand to the entire organisation.  Although there may be security guidelines in place, businesses need to ensure that these values have been absorbed and embraced by employees throughout the organisation. 

Think about how you can encourage employees to take responsibility for the protection of their own data, introducing training programmes to educate your workforce and dispel some of the myths around cyber security. Set up learning sessions to ensure employees are fully aware of the procedures they should be implementing in their day-to-day working lives when using mobile devices or transferring sensitive information.  It may also be necessary to bring new talent into the organisation; today’s young people are increasingly tech-savvy and think in a much more integrated way when it comes to technology in their daily lives in and outside the office. 

A new approach to cyber security is something that business leaders can’t afford to ignore. With people collaborating via multiple platforms and whilst on the move, we’re witnessing a whole new world of communications where the problem of cyber security can no longer sit siloed in the IT department. Instead this issue must be understood and addressed – starting with a strategy spearheaded by the C-suite, and embraced by all employees.


Rangu Salgame is Chief Executive Officer of Growth Ventures at Tata Communications


« Snapshot: Goodbye Siemens Enterprise Communications, Hello Unify


Biometric Privacy, Senator Franken and the Firestorm »
Rangu Salgame

Rangu Salgame, Chief Executive Officer of Growth Ventures at Tata Communications

  • Mail


Do you think your smartphone is making you a workaholic?