Guest Post By Nadav Zafrir, Co-Founder and CEO of Team8
The following is a guest post from Nadav Zafrir, Co-Founder and CEO of leading cybersecurity foundry, Team8. As cyber is one of our key focus areas, we joined forces with Innovation Endeavors-backed Team8 and Nasdaq to host a Cybersecurity Thought Leadership Forum on October 26th. In this post, Nadav Zafrir shares compelling insights for C-level executives which in turn provides startups with an interesting perspective on the space.
Among the C-suite and in most boardrooms today, cybersecurity looms like a mythical dragon threatening to “destroy us all” – and herein lies the problem. By relegating cybersecurity to the land of nymphs and fairies, the C-suite is unable to create a real picture of what is happening and what they can do to protect their organizations. If we are going to manage cybersecurity risk, we need to demystify it.
Building a solid foundation for good cybersecurity is hard work. Effective cybersecurity is not something that can simply be bought and installed, it must be part of an organization’s overall business strategy. The C-suite needs to become more cyber literate and take control of what they have, until now, relegated to other departments.
Cybersecurity is Not a Technical Issue
Many CEOs and boards think of cybersecurity as an IT or regulatory and compliance issue and often relegate it to their CIO or their lawyers and auditors. But a number of high profile CEOs have recently learned the hard way that cyber is a business risk and that the ultimate responsibility to tackle cyber threats lays at their feet.
On October 26th, Innovation Endeavors, Nasdaq and Team8 joined forces to bring together the top minds in cybersecurity for the first annual Cybersecurity Thought Leadership Forum held at the Nasdaq MarketSite in New York. Approximately 120 CEOs, CISOs and CIOs met with top cyber security thought leaders to discuss the challenges and risks posed by ever-increasing cyber threats and the changing role and responsibilities of the C-suite.
Speakers included Eric Schmidt, Executive Chairman of Alphabet, Inc., Bob Lord, newly appointed CISO of Yahoo, Anthony Bettencourt, President & CEO of Imperva and John Summers, Vice President Security Business Unit of Akamai Technologies. The one unifying message that came from all the speakers is that cybersecurity is not simply a technical issue. “The most common mistake is thinking of cybersecurity as simply a technical issue rather than as a new core element of business risk,” said Raj De, Partner and Chair of Global Cybersecurity & Data Privacy practice at Mayer Brown, formerly General Counsel for the NSA.
“Unfortunately, most companies treat cybersecurity as a 'control function,' in which there is limited engagement from business managers and security is ‘layered on top,’ with control on top of control on top of technology systems,” said James Kaplan, Partner, McKinsey & Company and co-author Beyond Cybersecurity: Protecting Your Digital Business.
By seeing cybersecurity as merely a technical issue or as a regulatory and compliance issue, the C-suite fails to understand critical concepts and does not have the proper tools to make decisions. As a result, minor threats are overblown, while real risks are ignored. Possible solutions are often distorted, and sensible solutions are entirely missed.
The C-suite Needs to Become More Cyber Literate
If we’re going to give businesses an advantage over their potential attackers, we have to improve the cyber literacy among the C-suite. Raj De said it best when he said, “given today’s headlines, C-suites no longer need experts to tell them to pay attention to cybersecurity, but they may need legal, technical, communications, and security expertise to help them manage this dynamic risk.”
Most CEOs and other executives have a basic cyber awareness – they know that the failure to adequately protect critical assets could have a devastating affect on their business. But what many CEOs and other executives do not want to admit is that many of them are still limited in their knowledge of cybersecurity and do not know how different threats may affect their respective businesses. While CEOs and other executives can skip the technical details, they must become more cyber literate in order to align their cyber strategy with their business strategy. While the IT team can tell you the technical impact of a potential attack, it is really the C-suite that is in the best position to understand how potential attack affect the bottom line.
We will be hosting another exclusive cyber event in SF in early 2016. Interested in attending? Please reach out to firstname.lastname@example.org.
To continue the conversation, sign up for our newsletter here.