



Dear CEOs, Dear Board Directors,

The debate over cyber security strategies is as complex as it is divisive. Various views and pieces of legislation on cyber security and privacy are in place around the world. They share some points and differ on others, which creates a very composite environment.

As a former managing director of a cyber security company, a security professional, and business leader, I’ve heard from all sides and had the chance to understand the involvedness of the landscape. Besides, as a former advisor to CISOs in Fortune 500 companies whose concerns are keeping their reputation and growing their business, I feel a responsibility to share my support and my position on the matter, now, at a time when the picture is still unclear.

Providing a secure environment to work in should be a top priority for your company. With the current technological transformations, the company’s environment has evolved into a digital world and a multifaceted ecosystem. Therefore, that imperative is quickly challenged.

Recently, I heard a story of a million-dollar company losing its whole business over a cyber-attack. I also do not need to mention the impact of a data breach on Yahoo’s acquisition.

So, while I understand the divergence of opinions on both sides of the debate, business and technology, it is with the safety and security of the company and customers in mind that I raise this topic. This also comes from the fact that my peers ask me how to get their board’s support.

1/Assign a cyber security representative on the board

Cybersecurity represents a high-risk management challenge that companies like yours need to address at the level of the board of directors as a top priority.

Parsons Corporation is a great example of having a representative for cyber security on the board: Major General Suzanne M. "Zan" Vautrinot. In addition to being a security representative and supporting the cyber strategy for the group, she is an amazing role model for women in cyber security. It boils down to this: you must be concerned about your business risks, including cyber risks, and therefore embrace the current digital changes.

Your company is going digital. Your company is going into the cloud. Your company’s environment safety is no longer limited to the physical environment. Simply put, cyberspace must belong to your company’s settings, starting from the boardroom. To achieve that, you should be supported by experts in the matter for guidance and advice.

2/Set up an immunity policy for your Chief Information Security Officers

100% security does not exist. However, I believe companies have an obligation to employees and to customers to ensure a secure environment and keep their data safe, whenever and whatever happens.

In the airline industry, the employees have Immunity Policies.

The policy includes a cooperative safety reporting program which invites pilots, controllers, flight attendants, maintenance personnel, dispatchers, and other users of the National Airspace System, or any other person, to report actual or potential inconsistencies and insufficiencies involving the safety of aviation operations. Additionally, although a result of violation may be made, neither a civil penalty nor certificate suspension will be imposed if the violation was inadvertent and not deliberate and the person proves that, within 10 days after the violation, or date when the person became aware or should have been conscious of the violation, he or she delivered or transmitted a written report of the incident or occurrence.

Source: https://asrs.arc.nasa.gov/overview/immunity.html

My point here is to implement a policy that helps you improve the security of your company through cooperation and collaboration with your team. A similar policy might be implemented for your employees, including the CISO himself.

Your CISO is piloting the security of your company. To achieve this objective, he/she should be given the means and trust required for a complex, high-risk task. Giving immunity to your CISO will allow him/her to report to the cyber security board advisor and the other members with complete transparency. Clearly, cyber security might be a complex technical topic, and that can be solved by the support of a board member from the industry.

3/Encourage your employees to talk about their concerns around online safety

My previous point extends to the employees of your company. If you are seeking to build a safer and more secure environment within your team, you need to build the trust that employees can report failures and mistakes without being held responsible if they did not act deliberately. More specifically, the leadership at your firm needs to provide educational programs, open talks, and other activities for your people to share their perspectives and engage them in this important topic. They will share their cyber risk perceptions and fears. They will communicate about what they believe is a threat to their personal and professional lives. This is not a topic you can ignore if you want your company to be ready and competitive, and not vanish like most Fortune 500 firms. In fact, 88% of the Fortune 500 firms of 1955 were gone by 2014. Technology changes so fast that people simply can’t keep up. You need to understand, protect, and move with these changes and include your employees in the change.

Cyber maturity can be achieved over time, and most people will become wiser and more self-aware about the do’s and don’ts in cyberspace.

In the end, embracing cyber transformation and cyber awareness isn’t just the thing to do to be compliant; it’s also smart business that keeps your company running, your employees secure and your customers safe.

Cyber Regards,

Magda CHELLY













-------------------------------------------------

Magda has a PhD in Telecommunication Engineering followed by a cyber security specialization. She has extensive experience delivering Cyber Security advisory education programs to organizations around the world, working with Fortune 500 companies. She founded Responsible Cyber Pte. Ltd., a Singapore-based company. https://responsible-cyber.com

Magda has been nominated as Global Leader for Woman in IT, and she has taken several steps through her business to make a change in the cyber security area, launching a cyber security Diploma in Singapore and founding the initiative Woman In Cyber: www.woman-in-cyber.com. The initiative also has a podcast channel on iTunes: https://itunes.apple.com/sg/podcast/woman-in-cyber/id1191056268



