Data security has become a hot topic amongst C-level leaders in almost every industry. However, increased awareness about the need for greater data security hasn’t necessarily translated into more active involvement. According to a recent report from IBM, the C-suite is still under-involved in data security and cybersecurity.

According to the study…

  • Only 17% of organizations had a comprehensive cybersecurity plan that included collaboration and regular discussions around cyber issues at the C-Level.
  • A little more than half of the CEOs believed their cybersecurity plans were very well established.
  • Only 57% of organizations surveyed had rolled out employee education on cybersecurity.

While C-level leaders are paying more attention to cybersecurity issues, it’s easy to understand why they aren’t more involved. For most, cybersecurity is like a new foreign language they’ve never had to learn. They realize today’s threats could negatively impact their business, but they rely on their IT teams to manage every aspect of protecting against possible threats. While this is true, it often creates an unproductive culture within the organization.

So how can those in the C-Suite get more involved in leading data security efforts without getting into the weeds about how it works?

While you may never need to know the nuts and bolts behind how cybersecurity works, here are three ways C-level leaders can play a more active role in cybersecurity efforts:

1. Prioritize Data Security as a Business Issue, Not a Technical Issue.

One of the biggest challenges most organizations face is the belief that data security is solely the responsibility of IT. This belief creates a division in the organization, leaving out key players who manage large amounts of data such as Chief Officers in marketing, finance, and HR. One of the most valuable things you can do as a C-level leader is to create a culture in which data security is a high priority throughout the entire organization. It is key to help people understand how it relates to their work and their individual role in protecting your company.

2. Create Internal Systems that Provide Accountability.

Similar to creating a cyber-friendly culture, you have a direct impact on the actions people do or don’t take based on the accountability structures that are in place. Creating internal systems that provide accountability in the same way you hold people accountable for their job performance is another way you can take the lead on data security. Make sure those people who are responsible for following up on potential risks are held accountable for completing them. Cover your bases to make sure individual employees can’t “go rogue” and leave your company at risk.

3. Equip Your Team with the Resources They Need to Be Successful.

The best leaders realize their primary responsibility is to remove roadblocks and equip their teams to be as successful as possible. This is just as true in data security as it is in any other area of your business. Equipping your team with tools like BALLAST that help eliminate the guesswork and manage the risk assessment process is absolutely something you can and should be doing to protect your organization against potential cyber threats.

The most secure organizations are ones where there is a culture of security that is embedded top-down, where every employee, from the boardroom to the mail room, understands their role in protecting corporate data. Equipping your team with tools that support, enable, and protect data wherever it resides is something C-level leaders can directly impact.

To learn more about how BALLAST can help you and your team protect against the latest threats in your industry, click here to request a demo today.

Mark Fulford

Mark Fulford, CISSP, CISA, ABCP, CRISC, is a Shareholder in the risk services division of LBMC, PC. With nearly 25 years of experience in information security audit and compliance, Mark understands how to translate technical jargon into actionable intelligence. With significant experience in healthcare, his expertise includes assisting companies with Sarbanes-Oxley, HIPAA & PCI, HITRUST compliance, as well as providing assurance to clients and their stakeholders through SOC 1 and 2 reporting engagements. More recently, his focus has been on helping organizations identify and manage information security risks through both guided and automated risk assessment techniques.