Chris Young, CEO of McAfee just spoke at TNW New York. We’re sharing his views on the importance of company culture in cyber security.
For a growing number of CEOs, security is now a top concern — but most aren’t doing enough to protect their companies from harm.
Data breaches jumped 29 percent in the first six months of 2017 compared to the same period last year. And by 2020, 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk, according to Gartner.
These cyberattacks come at huge cost to businesses — not just in dollars but in reputation. Many businesses never recover.
Some 60 percent of small businesses that become victims of a cyberattack aren’t in business six months later, according to a report by the US National Cyber Security Alliance. And attacks on large companies just this year cost major firms as much as $300 million.
Taking table stakes measures — hiring CSOs, installing and updating security technology, establishing security protocols is no longer enough.
And while hundreds of companies are working on technology solutions to help combat cyber crime, technology alone won’t save companies from the growing threat either.
To fully prepare for the all-but-inevitable attacks gunning for essentially every business, business leaders must build security into their cultures. Culture is the critical piece that will activate all of the other measures businesses take — and make them worth it.
Sounds important, right?
Companies that want to build a culture of security to protect from and prepare their businesses for cyber threats must get their employees on board, must implement the kinds of technology that empowers rather than hinders productivity, and must think security first.
To get employees on board, build security into the vision and values of the company. Make sure its embedded in the consciousness and language of leadership across departments. If security isn’t a core value — make it one. And consider how each value can be bolstered by thinking about how to deliver that value securely.
When it comes to technology — make sure security isn’t a top-down, IT-isolated decision but that the technology supports and empowers people to do their job securely. When employees are hindered by technology, they’ll look for work-arounds. If they don’t understand why the security measures are in place, they can’t be vigilant. Make sure security protocols and security technologies support your vision and enable employees to work productively.
And finally – think security first and make that a tenet of the culture. From the earliest stages of product design, to selecting vendor partners to writing job descriptions — security needs to be top of mind for every critical decision, every new process, every rule.
Building a culture of security isn’t just important. The future of your business depends on it.