Cybersecurity Is Strategic

Written By Kevin Robinson

As we have seen, everyone is responsible for cyber risk.

And cybersecurity decisions---or indecisions---affect the entire organization, due to the interconnectedness of today’s workflows.

The logical conclusion of this reality is simple: cybersecurity decisions need to be strategic.

But why is this?

A strategic decision is one that guides and directs long-term outcomes; these decisions then influence the planning at lower levels.  For example, the U.S.’s strategic position in World War 2 was defeating Germany first.  Once Germany was defeated, the other Allies would assist defeating Japan.   This was partly born of logistics---the vastness of the Pacific; industrial capability---even before December 7, 1941, the U.S. was producing war materiel to support Europe; and ideology---the Japanese sought to be the dominant power in the Pacific through war and only the U.S. stood in their way.  Thus, putting Europe first, strategically---in early 1942---the Allies understood that the fastest way to defeat Germany was a two-front war: liberate France and advance to Berlin from the West while the Russians advanced from the East.

The question was when would the Allies be ready and where?  Turns out June 6, 1944 in Normandy was the answer.  But the groundwork for the invasion was laid years before.

Likewise, ideally, cybersecurity is not something that you can perform rashly.  It should not be something that comes after development or only thought about when a prototype is ready.  If the Allies had decided in May 1944 to invade Europe in June--- well, I think we all know the answer.

Proper cybersecurity decisions are made at idea inception; security and privacy should drive design requirements and vice versa.  Organizations need to ensure cybersecurity is a strategic priority so it can percolate downwards and influence all the underlying processes.  Business strategy is integrated into the organization’s culture and business objectives.  From project planning to development through implementation, management and Board oversight, cybersecurity needs to be involved.

Can you ensure system availability during outages?

Can your organization protect client confidentiality if an attack happens?

Can you be confident data is correct and not changed without permission?

Make the correct, strategic decision and prioritize cybersecurity in your organization.

Kevin Robinson
Previous

Artificial Intelligence vs. Real Intelligence: Striking the Right Balance in the Mortgage Industry
Next

Flexibility Drives Profitability - Value Drives Success