The CLO strategist: Cybersecurity

What does a cybersecurity strategy mean from a CLO’s perspective?

It means predicting, managing, and balancing risk. But it also means helping leaders across the organization develop offensive and defensive game plans so they can:

• Navigate the evolving regulatory landscape
• Manage cyberthreats more effectively, starting with areas of greatest risk and value to the business
• Plan for incident response so that it limits the impact of a data breach to the organization
  

Developing an effective strategy involves tackling cybersecurity by process versus organizational silo. Consider, for instance, the track that a customer’s data takes through the organization, from marketing and sales to finance to fulfillment and delivery—and that’s a simplified view. A dynamic approach like this can help build consistency, transparency, and defensibility into legal governance, risk, and compliance.

The costs of cyber incidents

Cyber incidents and breaches are common—and the threat is growing. Among C-level executives:

• 72% of survey respondents say their organizations experienced between one and 10 cyber incidents and breaches in the previous year alone
• 69% report an increase or significant increase in threats to their business between early 2020 and May 2021

Security breaches can lead to both direct costs—such as regulatory fines—and indirect costs—including lost contract revenue. The direct costs typically associated with cyber incidents are less than those of indirect costs like brand impact. These costs play out over years, rather than months; in fact, more than 50% of associated costs accrue after year one.

The five self-reinforcing choices

The CLO can develop a strong cyber strategy that is focused on both offense and defense and empowered by cross-functional relationships. To do so, consider the five self-reinforcing choices, which we’ve adapted from Lafley and Martin’s seminal guide:

1. Vision
2. Focus
3. Value
4. Capabilities
5. Leadership

Bridging the gap between security and business

The growing frequency and severity of cyberattacks has pushed cybersecurity higher on the agenda of the board and C-suite executives, including the CLO. An effective cyber strategy needn’t take the legal team into highly specialized IT territory, but it does require a basic familiarity with the issues and what they mean from a risk and compliance perspective. With that, the CLO can create a multidimensional approach and leverage key relationships to proactive and effective cybersecurity co-owned by leaders across the entire organization.