Corporate Culture Key to Private Sector Cybersecurity

A new management trend may impel corporations to implement better cybersecurity: lead or get out of the way. Either corporate leaders take the initiative for improving their companies' cybersecurity, or shareholders will demand their ouster following a damaging attack that puts corporate futures in doubt.

Those points were offered by the Tuesday panel at the AFCEA International Cyber Symposium, being held June 24-25 in Baltimore. Four experts agreed that companies of all sizes are imperiled by cyberthreats, and leadership must institute a culture that values cybersecurity as a foundation of doing business.

The Target data breach was “a watershed event” for cyberthreat awareness, offered panel moderator Al Berkeley, chairman, Princeton Capital Management and former vice chairman at NASDAQ. When the company’s chief executive officer (CEO) lost his job, it proved “there is a stick in this game where you could get hurt," Berkeley said.

Joel Schleicher, founder, Cyber Security Services LLC, said the culture of a company is set by its CEO. That CEO should take the point on ensuring the corporation has good cybersecurity. “If you have a CEO that is not talking to its board about cybersecurity, sell the stock,” he stated.

Companies must make strategic investments for data risk management or even cybersecurity, Schleicher continued. Most companies still are choosing to “self-insure” in an uninformed manner. Instead, they should receive an information technology assessment so they can become pro-active instead of reactive.