A Rallying Cry To All CEOs … You Need To Get More Technical!


I have always found it strange that the boards of directors in companies often have very little technical understanding of how their information systems actually work. It’s a bit like the board of a car manufacturer not knowing how a car actually works. And so, with our companies now often driven by data, we still see many boards with little in the way of training and knowledge around the technical nature of their data infrastructure. This includes an understanding of encryption, system logs, and the basics of Internet connections. If the CEO doesn’t understand how encryption works, and cannot ask the right questions around the storage of passwords and the protection of customer data, we should all be worried.

Some CEOs can thus think they can avoid cyber security, as it is not their responsibility and they have a whole team to look after it. But not any more. The BA and Ticketmaster hacks show how easy it is to target a company and gain profit. Now Ciaran Martin, chief executive of the UK’s National Cyber Security Centre, shouts from the rooftops that cyber security is now one of the top risks to our countries and our economies.

He sees sources of financial crime that include Iran and North Korea, and sees that Russia may damage the trustworthiness of our data infrastructures. Along with financial risks, Ciaran sees significant risks around the trustworthiness of our data, including with the 2016 US presidential election and the 2017 NotPetya cyber attack.

He states that two-thirds of FTSE 350 companies’ boards do not have any training in how to deal with a cyber attack, and that 10% had no plan in place. His rallying cry is:

“Boards somehow need to get a little bit technical,”

and:

“Too often, the tendency in cyber security has been to hire help so that it can be declared the problem has been taken care of.” “You wouldn’t expect that in terms of financial liability, you wouldn’t expect that in terms of the way you pay tax, or the health and safety of your workers.”

And so, our boards, and especially the CEO, will have to get a lot more technical and address the risks around cyber security. Personally, I would make it mandatory that every board goes through the basics of encryption and the operation of network traffic, and that they understand how their systems actually protect data. There is no excuse for a major company not to have a cyber security plan in place, or for the board not to be asking the right questions.

Increasingly, it is the CEO who will be pinpointed in reporting on hacks, and they must be prepared to respond correctly, and show that they have done everything possible to protect their customers’ data.