Martin Rudd, CTO, Telesoft Technologies, explores the changing profile of cybersecurity decision makers in his latest exclusive with FinTech.
Cybersecurity hasn’t always been a priority for businesses. Until recently, arguing for changes in process or the need for new technology was an uphill battle. After all, the majority of an organisation’s C-suite and board members will have tended not to be especially tech-literate, much less concerned with specific issues such as security. As a result, the pleas of engineers and those tasked with maintaining threat intelligence would often fall on deaf ears.
Things are different today, however. For one thing, the rising threat of cyber-attacks has become hard to ignore. High-profile data breaches make the news on an almost daily basis, with financial services firms coming under attack 300 times more than organisations in any other industry, according to Boston Consulting Group. In addition, the profile of those charged with making decisions around their organisation’s data security is changing. Many of those now entering the workforce - and taking seats on the board - understand digital technology, and have the expertise and experience to recognise and address the situation.
Changes in circumstance mean individuals must now take a different approach to the way they introduce and discuss cybersecurity with decision-makers. But, at the same time, it’s important they consider those ‘old school’ board members whose knowledge of technology may be less advanced.
Generational and technological shifts
A Korn Ferry study into the demographics of the C-suite found the average age of members to be 54. While that’s at the older end of ‘Generation X’, they’re technically the first digital natives, having grown up witnessing first-hand the evolution of modern computing and the internet.
This is good for business. According to research from MIT Sloan, companies with digitally savvy boards significantly outperformed other companies in terms of revenue growth, return on assets, and market cap growth. Indeed, Gartner reports a growing demand from businesses for board members with skills in areas of technology such as AI, machine learning, and cybersecurity; this is fuelling greater board representation from organisations' more technical areas. Engineers and members of IT and tech departments are no longer seen as isolated back-office employees. They actively empower the frontline, and their knowledge of digital tools is wanted at the highest level of management.
Even if companies aren’t proactively aiding it, the evolution to a more tech-savvy C-suite will likely happen organically as generations progress. With the expectation that Millennials will account for up to three quarters of the workforce in the next five years, that digital knowledge will naturally move upwards. That means decisions around the adoption of new cybersecurity technology are going to be based on more than simply what it is or what it protects against. There will be a bigger picture to consider and new questions to be answered: does it fit with the company’s culture? Does it enable seamless interactions between employees and customers? Does it provide a solid framework for the adoption of future innovation? Technology, and cybersecurity in particular, will be a vital driver within a business’s everyday life.
In the present, however, a mixture of C-suite capabilities means that each board needs to be approached in different ways when it comes to initiating conversations around adopting new technology. While there might be less need to spell out the advantages of the technologies in very simple terms, differing priorities mean some individuals will still need to be convinced of the benefits of focusing investment in cybersecurity over other options that may produce more obvious returns. For these more ‘old school’ decision-makers, a more evidence-based pitch is likely to be the most effective.
Persuasive facts and statistics
Attacks can be extremely costly - recent research by IBM and the Ponemon Institute put the average total cost of a data breach at £2.7mn - and they’re increasing at a terrifying rate. The number of data breaches reported by UK financial services firms to the FCA in 2018 was 480 percent higher than in the previous year.
Of course, the cost goes far beyond refunds and reparations. Obligations under the GDPR mean breached organisations could find themselves liable for eye-wateringly high financial penalties. British Airways, for example, was fined more than £183 million after hackers stole the personal details of half a million of its customers. Perhaps the most costly ramification, though, is the damage to reputation. Share prices and brand trust drop, customers leave and potential ones look elsewhere. For some, a major breach can be fatal.
Ultimately, robust cybersecurity was once just a nice-to-have, but the case for it is now clearly very persuasive and can be hard for any board member to ignore. It’s now key to the survival of every business. But, as the threat landscape continues to evolve, so too do the knowledge and experience of the C-suite. Persuading decision-makers to invest in a security solution may not be as straightforward as simply presenting an overview of its benefits. For many, the conversation has matured. For others, the facts should speak for themselves. There’s simply no ‘one-size-fits-all’; selling security today requires new strategies.