Dr. Charles Dull currently works at Cuyahoga Community College as associate dean of the IT Center of Excellence. He made a presentation to NEO STC (now Ohio STC) several years ago and co-authored a column in STC’s Intercom on trends in education. In a recent Smart Business Cleveland article, Dull addressed the topic of cybersecurity and the importance of high-level cyber threat awareness.
Dull argues that CEOs should be aware of online security threats. “Most CEOs would know whether their organization has a cybersecurity plan in place,” said Dull. “But go one level deeper and ask what it contains, and most aren’t able to explain much.”
Dull continues that executives must understand the plans needed to protect data and mitigate cybersecurity risks. CEOs also need to adequately fund cybersecurity risks. “CEOs are always concerned with dollars and often want to know what return they’ll get from an investment,” Dull said. “When an expensive upgrade is required to improve an organization’s defense system, CEOs should have a reasonable sense of the requirements to make the right choice for the business. And, should the business face an attack, it’s better to have a CEO who knows enough to enable the IT staff to quickly address the issue rather than squabble over costs to a critical system or software.”
While a CEO does not have to be a cybersecurity expert, Dull notes “they should be aware of the issues so that they can speak intelligently with specialists and understand the problem enough to authorize an effective counter.”
Dull goes so far as to say the if “IT staff tells the CEO that the organization has been defending itself against phishing expeditions or DDoS attacks and needs funding to bolster its defense, it’s important that CEOs understand what that means. It’s dangerous for CEOs to ignore reported threats, underfund or underequip a response, or even overfund a response.” He continues by saying –
“Sometimes the harm done through the loss of personal information from a breach creates the basis for lawsuits. When the number of people affected is high, even settlements from such cases can be expensive. Those are costs, often ongoing, that occur after an initial breach that CEOs unfamiliar with cybersecurity issues don’t necessarily consider.”
“Understanding the language of cybersecurity is an important first step. That way, when specialists highlight an organizational exposure, those in charge of the purse strings can quickly allocate the funds to protect against it.”
Reviewed by Jeanette Evans