Role of Top Management in Cybersecurity Governance
The recent ransomware attacks on Colonial Pipeline and JBS are grave reminders that organizations at all levels must constantly be in a high state of cybersecurity readiness and alert. This is no easy task as the points of vulnerabilities are numerous, especially the probability of humans falling prey to innovative hacking maneuvers. The senior leadership has an incredibly important and critical role to play in securing operations, sensitive data, and other digital assets. They must actively engage in the planning and execution of cybersecurity governance activities and spearhead the creation and sustenance of a high-performance information security culture. Such a high-performance information security culture is anchored on three key pillars – commitment, preparedness, and discipline. Dr. Dave Chatterjee’s book on Cybersecurity Readiness: A Holistic and High-Performance Approach speaks to these security culture traits and associated success factors. Probably the most important success factor is a highly committed and engaged top management. In an extensive and insightful discussion with Dr. Chatterjee, Rohit Verma, CEO of Crawford and Company, speaks candidly on topics ranging from top management involvement to the empowerment of the Chief Information Security Officer (CISO), cyber training and assessment, intelligence monitoring, performance tracking and measurement, security drills, and best practices. The following are some memorable Rohit Verma quotes as he advocates a genuinely committed approach to cybersecurity readiness.
Memorable Rohit Quotes/Statements
“Approach cybersecurity at work with the same genuineness and care as you would when securing your own home and family.”
If the leadership of other organizations needs any convincing about staying up with cyber training, all they need to do is look up the WSJ for the last three months and read about the extent of havoc cybersecurity can cause an organization. The cost of recovering from the attack is quite significant. Clearly, “prevention is better than cure.”
“Several of us in senior leadership are digital immigrants and not digital natives. Many of the security issues are new to us. We will be naïve if we don’t take interest and are not willing to learn and stay updated.”
02:30 – What according to you should be the nature and extent of top management involvement in cybersecurity governance?
04:35 – How do you approach cybersecurity readiness from a strategic standpoint?
06:27 – Is there any particular cybersecurity performance metric or key performance indicator that you track as an organization?
07:49 – How does your organization strive to raise the cybersecurity knowledge and skill level among all employees?
11:59 – How does your company process the cyber intelligence they receive?
16:11 – In a company like yours which is globally dispersed, it is not easy to institute and manage cybersecurity initiatives. What are some of the challenges you encounter doing that and how do you work through them?
18:03 – Now talking about Chief Information Security Officer (CISO), a thought that came to mind, is how do you empower the CISO function?
20:56 – What advice do you have for senior leadership for other organizations that may not be as committed to regularly updating their cybersecurity knowledge levels?
27:40 – Do you have any final words for our listeners?
Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.
Connect with Dr. Chatterjee on these platforms:
Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338