Why The C-Suite Needs To Get On Board With Cybersecurity

By Fred Templeton, CISA, CASP, SEC+ • Updated: 08/25/22

Cybersecurity breaches are on the rise, affecting customer trust and threatening businesses that don’t have solid cybersecurity strategies. Cyber threats are among the biggest threats facing most organizations today. And this isn’t helped by a lack of communication among the top levels of a company. A recent PwC survey on digital trust found that 10% of Chief Information Security Officers (CISOs) reported having the least contact with CEOs of their organizations. Among an organization’s three big leaders, about one-fifth of CISOs surveyed cite the CEO as the one they have least contact with. There is a visible gap in collaboration between cybersecurity teams and board-level members, and this poses a threat to businesses that may be vulnerable to cyber risk and attacks.

Taking the time to build relationships and act as partners to CISOs can help empower cybersecurity teams in an organization while keeping the business and its assets secure from potential threats. In this post, we’ll go through a few essential reasons for the C-suite to work closely with their cybersecurity teams:

Establish a cybersecurity-ready culture


Most organizations are not only vulnerable to cyber-attacks but are ill-equipped and lack response readiness against cyber attackers that grow more and more sophisticated. This World Economic Forum writeup highlights six principles that can help boards with cyber risk governance, from encouraging collaboration to aligning cyber risk management with an organization’s needs. Boards can assess and evaluate cyber risk’s financial and economic impact and establish accountability for good governance. Board-level involvement in cybersecurity strategy helps establish a top-down approach to risk management while monitoring cyber risks.

Support existing talent


On top of facing cyber risks, organizations also face a shortfall of cybersecurity talent. A Cyberseek report found that there are currently over 700,000 unfilled cybersecurity positions in the US. While these roles remain vacant, organizations lean on the existing workforce to take on more work, risking employee burnout. Focused board-level involvement in managing cybersecurity talent can help build an organization that is better equipped against cyber threats and keep existing talent happy and healthy. Diversity and inclusion initiatives can help organizations tap into underrepresented talent pools. Investing in in-house training so that cybersecurity employees can keep learning and growing can provide consistency and stability, compared with hiring third-party experts for your organization. The more the C-suite is involved, the more the organization can retain and attract cybersecurity talent to handle growing cyber threats.

Pursue upskilling opportunities


Lastly, getting on board with cybersecurity initiatives in the organization can provide opportunities to upskill and plan for post-corporate life. An LHH story on Peggy Smyth highlights how educating yourself beyond what you already know is essential for leaders. In fact, Smyth herself completed a class with the National Association of Corporate Directors on cybersecurity governance for board directors. As cyber threats and attackers continue to grow more sophisticated, it’s important for professionals — even those in the C-suite — to stay up-to-date with their skills and training. This will make them better voices and advisors to companies they work with.

Of course, aside from keeping board members on their toes, taking the time to upskill via cybersecurity training and certification can open new doors for career shifts, even at senior levels. We discussed why it’s never too late to get into cybersecurity in our previous post on How to Transition to a Cybersecurity Career at Any Age. Spare the worries about age and seniority, as getting cybersecurity certifications can help you leverage your professional experience to get into even better leadership roles within the field. Ultimately, the thirst to keep learning and growing is essential for your business to evolve alongside cyber risks, even at the top.

Fred Templeton, CISA, CASP, SEC+

Fred Templeton is a practicing Information Systems Auditor in the Washington DC area. Fred works as a government contractor and uses his skills in cybersecurity to make our country's information systems safer from cyber threats. Fred holds a master's degree in cybersecurity and is currently working on his PhD in Information Systems.