Why Business Leaders Need to Understand Cyber Risk

by Dr. Shannon McMurtrey, Breech School of Business

I recently had the opportunity to speak to a group of CEO’s and senior business leaders on the topic of Cybersecurity.  I asked them how they would respond if one of their board members asked them a fairly high-level question about the company’s finances.  I wanted to know if they would handle the question themselves or would they pass that question along to their Chief Financial Officer (CFO)?  As expected, most said they would handle high level questions themselves without involving their CFO.

I then asked what would happen in a similar scenario with a question about sales.  Would they handle it, or pass it along to their Chief Marketing Officer?  Again, as expected, most said they would handle it.

The last question I asked was how they would handle a high-level question regarding Cybersecurity at their organizations.  Would they handle it, or pass it along to their Chief Information Officer (CIO)?  Everyone in the room agreed that they would pass that question to their CIO.

In June of 2015 The Office of Personnel Management for the US Government reported that it had been the victim of a data breach.  In the months that followed we learned that this would be the most devastating breach of security in our government’s history.  In September of this past year House Oversight and Government Reform Chairman Jason Chaffetz (R-UT) released a staff report titled, “The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation”.  Key findings from the report include the following:

  • The OPM data breach was preventable.
  • OPM leadership failed to heed repeated recommendations from its Inspector General, failed to sufficiently respond to growing threats of sophisticated cyber-attacks, and failed to prioritize resources for cybersecurity.

Stories such as these are why we created the Cybersecurity Leadership Graduate Certificate in the Breech School of Business at Drury University.  Business leaders worldwide are accepting that their need to have a high-level understanding of cyber risk is at least as important as their need to understand financial and market risks.  If you would like to join other business leaders (current and future) in developing your understanding of these risks, please consider joining us this Fall.

Dr. Regina Waters