According to the office of Homeland Security, cyber threats affect businesses of all sizes and require the attention and involvement of chief executive officers (CEOs) and other senior leaders. The office of Homeland Security compiled a list of key cybersecurity risk management topics all C-level execs should discuss with their leadership.
This list is based on best practices from lessons learned during incident response activities and managing cyber risk. (For more details, visit the Homeland Security article here.)
CEOs should ask the following questions about potential cybersecurity threats:**
- How could cybersecurity threats affect the different functions of my business, including areas such as supply chain, public relations, finance, and human resources?
- What type of critical information could be lost (e.g., trade secrets, customer data, research, personally identifiable information)?
- How can my business create long-term resiliency to minimize our cybersecurity risks?
- What kind of cyber threat information sharing does my business participate in? With whom does my business exchange this information?
- What type of information sharing practices could my business adopt that would help foster community among the different cybersecurity groups where my business is a member?
The following questions will help CEOs guide discussions about their cybersecurity risk with management:
- What is the threshold for notifying executive leadership about cybersecurity threats?
- What is the current level of cybersecurity risk for our company?
- What is the possible business impact to our company from our current level of cybersecurity risk?
- What is our plan to address identified risks?
- What cybersecurity training is available for our workforce?
- What measures do we employ to mitigate insider threats?
- How does our cybersecurity program apply industry standards and best practices?
- Are our cybersecurity program metrics measurable and meaningful?
- How comprehensive are our cybersecurity incident response plan and our business continuity and disaster recovery plan?
- How often do we exercise our plans?
- Do our plans incorporate the whole company or are they limited to information technology (IT)?
- How prepared is my business to work with federal, state, and local government cyber incident responders and investigators, as well as contract responders and the vendor community?
If you need help assessing your cybersecurity risk posture, please contact Warren Finkel at 646.558.6358 to schedule a cybersecurity risk assessment. Our comprehensive evaluation and assessment of risks and the controls in place to mitigate the identified risks provides organizations with the assurance they need to effectively manage cybersecurity risks.
** This article comes from the Office of Homeland Security: Questions Every CEO Should Ask About Cyber Risks. Read the article here.