Cybersecurity is frequently discussed by top management. Increasingly tight cyber regulations might have made businesses in the sector prioritise the agenda.
What does the survey show?
Forty-two percent of the respondents indicate that cybersecurity is on the leadership agenda monthly or more frequently. Thirty-five percent discuss cybersecurity in the boardroom on a quarterly basis, while 23% indicate that cybersecurity has the top management’s attention twice a year or less frequently.
Q: How often is cybersecurity on the top leadership’s agenda?
Cyber threats pose a significant risk to today’s businesses. Therefore, it is positive to see that cybersecurity is a topic for the C-level executives and the boards of businesses in the financial sector. Seventy-seven percent of the respondents in the survey indicate that cybersecurity is on the leadership agenda on a quarterly basis or more frequently.
The top management of businesses in the financial sector is more focused on cybersecurity than the top management of businesses in the other sectors that we have surveyed. This is no surprise, as cybersecurity has long been an eminent part of the financial sector’s business operations, e.g. in the context of fraud detection and prevention. This, combined with the increasingly tight cyber regulations in the financial sector, may have made the financial sector prioritise the cybersecurity agenda. The topic has become a natural part of the leadership agenda.
It is important to stress that frequency is not the only criterion for prioritisation; yet, it is likely that a higher frequency offers opportunities for making more informed decisions due to a generally improved understanding of the cybersecurity landscape, and for aligning investments accordingly.
The bigger picture
Briefing the top management
An organisation’s top management needs to be frequently briefed on cyber threats and what this means for the organisation. Such briefings should occur at least every quarter.
Practice makes perfect
Frequent briefing of the top management can contribute to organisations’ cybersecurity maturity levels, as it can channel investments into the right capabilities. Briefings alone, however, are not sufficient to prepare an organisation’s top management for major cybersecurity incidents and the resulting business impacts. Organisations should regularly train the board and top management in cyber risks aligned with the business’s threat landscape and KPIs using tailored training and simulations. This will not only allow management to make better investment decisions but also increase the organisation’s ability to respond to and recover from major incidents with a potential business impact.