In a digital transformation era, professional and even personal data is more than ever part of a company’s assets. Data must also benefit from a protection tailored in line with its value. In terms of corporate governance, directors are on the front line as this data represents a company asset that they are directly and legally responsible for. But are they aware of cybersecurity? Are they really conscious of its value, their responsibilities and the bulwark of protection to implement as a response to bad practices and attacks?
An adapted behaviour
This is not another demonstration on how indispensable cyberprotection is to the survival of companies. Or better yet that before deploying hardware equipment, it is mandatory to raise awareness among directors, intermediate managers and collaborators to best practices in the business. Cybersecurity specialists like to say that the main problem in this field is #PEBKAC.
What first needs to be done is for the company’s resources to understand the stake and the consequences of sometimes unconscious behaviour. Technology may help but the best bulwark is an adapted behaviour.
One can always set up a series of equipment or solutions but this will never bear as much weight as a naturally responsible behaviour.
Making a sustainable commitment
I regularly compare the implementation of a cybersecurity approach to quality practices (especially in the case of industrial companies aligned with the ISO 9001 standard): this seems obvious to all of us but it’s only a matter of common sense. When it’s in our culture, we only try to progress. Gains only become visible on short and long term; a certificate will not prevent one from incidents.
Yes, there are many similarities except that, in the quality context, the director is not legally committed. And this surely makes a real difference!
Implementing a security approach must become a continuous commitment and a cornerstone for the SMACS (Social, Mobile, Analytics, Cloud) innovation approach and implicitly for Security.
It’s everybody’s concern
Through various programs (Military Programming Law, European Network and Information Security Agency) and different state interlocutors involved in economic intelligence (national police, Regional Department of Enterprise, Competition, Consumer Affairs, Labour and Employment, General Directorate for Internal Security, etc.), the state is seeking to initiate directors and their companies in general but more often in a responsive (following an incident) rather than a proactive approach.
There’s real work to be done on making SMEs aware of cybersecurity. As for me, I believe that this awareness must be part of the company’s digital transformation approach. Otherwise, the deployed digital changes are but a giant with feet of clay. Cybersecurity must bring a form of protection but it will be of little value in absence of best practices.
How to finance security?
To launch a cybersecurity approach, one first has to possess the necessary skills or to seek support to immediately benefit from best practices.
In this context of means allocation, I often ask myself how companies can be encouraged to launch themselves. One can always spread “caution” messages, generate a certain fear but, in the end, one has to allocate the adequate means.
Considering that the lack of cybersecurity practice may have negative consequences on a company’s sales figure, the State also may regard it as a shortfall in earnings. I’m not a big fan of subsidies but I think that we have to assist and encourage the SMEs choosing this approach. Tax credits could very well cover cybersecurity, just like R&D and innovation activities, don’t you think? I truly believe that this calls for cybersecurity lobbying.
Are you fully aware of the cybersecurity’s importance? Do you need to know where you stand in terms of security? Are you dreaming of digitizing your company? If so, contact me!