C-level executives should take a more proactive role not only in drafting but also in implementing and following through with their enterprise’s cybersecurity policy, McKinsey & Company said in an Insights article published this month.
The authors of the report said, however, that while most senior leaders are aware of the implications of a cyber attack, overcoming the structural and organizational hurdles to deploy a working model takes dedication and sustained support.
“Understanding the issue is quite different from effectively addressing it,” said the authors, principals Tucker Bailey and James Kaplan and consultant Chris Rezek.
“Only sustained support from senior management can ensure progress and ultimately mitigate the risk of cyber attacks,” they added.
Executives, for instance, must expect that cyber readiness will touch all aspects of the business and that cybersecurity risk is not easily measurable.
They suggested active participation in the decision-making process, especially in determining how much risk of losing proprietary information or man-hours the organization can take.
McKinsey says the enterprise can also benefit from effective governance and reporting, and from instituting change in user behavior, particularly in basic security hygiene.