The average number of attempted cyberattacks per company rose 31% between 2020 and 2021, according to Accenture's latest State of Cybersecurity Report. With 70% of organizations including cybersecurity as an item for discussion in every board meeting, and 72% of CEOs stating that strong cybersecurity strategies are critical for their reporting and trust to key stakeholders, it's clear security is a top concern for business leaders. Evaluating and responding to cyber risk is no longer viewed as separate from core business goals, but rather as an essential element of keeping a business alive.

So, who at an enterprise is responsible for understanding, developing and initiating a strong cybersecurity strategy? Well, according to the same survey of 260 C-suite executives interviewed globally, 98% believe that the entire C-suite is responsible for the management of cybersecurity — the work doesn’t fall to any one individual expert, CRO or CISO.

However, according to a global research study conducted by Trend Micro, which included the perspectives of over 5,000 IT professionals in 26 countries, only half of the respondents said they believe C-suite executives fully understand cybersecurity threats and risk management. The reality is, C-suite and C-suite minus 1 executives are not knowledgeable about core cybersecurity concepts like zero-trust security architectures. Faced with managing massive incidents like the December 2021 Log4j vulnerability, this skills gap highlights a huge mismatch between expertise and responsibility at the executive level.

In order to protect a business and its sensitive internal and customer data, executive leaders must now also be cybersecurity experts.

The responsibility of the C-suite

A business is only as strong as its leaders. Whether it's the CEO, CFO, COO, CHRO or CMO, cybersecurity should be a top concern for all of us. C-suite and senior level managers must be able to identify potential cyberthreats to their organization and understand systemic risks present within its digital ecosystem of suppliers, vendors and customers.

Yet many organizations have struggled to keep pace with their industries' digital transformations, leaving significant knowledge, process and technology gaps in how they manage threats. In addition, the changing landscape of national and international compliance regulations has created an environment in which companies are constantly forced to evolve, trying to stay updated and compliant with data and cybersecurity requirements.

Business leaders who upskill themselves in the core tenets of modern cybersecurity can drive an organizational culture of cybersecurity and strengthen their tech stacks, processes and teams from the top down. CEOs and CMOs don’t need to become information security analysts, penetration testers or white-hat hackers — instead, they need to demonstrate five core competencies that impact their work and leadership:

Business leaders who master these skills will be able to confidently lead conversations about cybersecurity with internal and external stakeholders and ultimately drive their organizations forward, ensuring they meet board expectations for cybersecurity accountability.

Transforming the broader cybersecurity ecosystem

No organization or role is safe when it comes to cyber attacks — from small businesses to major tech companies and from C-suite to entry-level employees, cybercriminals know no bounds. While the C-suite works to create an organizational culture of cybersecurity, they need support from deep practitioners and indeed every employee in the organization to drive true progress. By transforming talent in every role, starting as early in the employee lifecycle as onboarding, you can ensure that every employee has a base level of cybersecurity knowledge and has a solid plan in place to avoid cyberthreats. And when you strengthen the entire organization, you’ll also make yourself a much less desirable target for attackers.

With high demand for technical roles in particular, organizations worldwide are facing steep competition for a limited pool of top talent. It’s a gap that gets wider every day; according to Cybersecurity Ventures, there will be 3.5 million cybersecurity jobs unfilled globally by 2025, a 350% increase over eight years. And only 3% of U.S. bachelor’s degree graduates have cybersecurity-related skills. There simply aren’t enough practitioners to meet demand. I recently spoke with a CISO at a top financial services entity. They expressed that the firm is in an all-out war for cybersecurity talent. They simply can't hire the skills they need, so they’re having to manufacture it internally by training existing employees.

I can guarantee this firm isn’t the only one facing this battle. In this competitive environment, it is more important than ever that companies look to upskill current employees or hire with the intent to train, rather than assuming they’ll be able to fill every role with a highly skilled external candidate.

With enough passion, intelligence and effort, any one of your employees can become a cybersecurity expert, if you provide them with the upskilling they need to be successful. Pursuing talent transformation initiatives that emphasize hands-on, practical learning will enable your employees to build skills in in-demand roles like cybersecurity, ultimately increasing engagement, retention rates and your business's security overall. A win-win-win, really.

While the strength of a cybersecurity strategy starts in the C-suite, a true talent transformation strategy goes beyond training to put critical thinking and real-world skills into practice at all levels. By upskilling employees at all levels of the organization, you can be confident in your ability to respond to the next big vulnerability.

Sebastian Thrun is a chairman and cofounder of Udacity and a German-American entrepreneur, educator and computer scientist. Before that, he was a Google VP and Fellow, and a Professor of computer science at Stanford University and Carnegie Mellon University.


