Cybersecurity requires organisational leadership
The onward march of information and communications technology will not be halted.
It is bringing huge benefits to government, to national infrastructure, and to the provision of public services, utilities and financial services. And it has transformed our daily lives as we each become more and more adept users of digital devices.
But alongside this advance comes a parallel threat – a rising challenge to our cybersecurity.
We are all, perhaps, aware of the argument. Recent examples of identity fraud, the phone-hacking scandal, and the assaults launched from around the world on prized national systems, have all created a renewed sense of threat and lack of security. This isn’t just an episode of Spooks. There is real and justified pressure on executives to respond.
But do they really understand the challenge?
A recent report from Chatham House and the consulting firm Detica (‘Cyber Security and the UK’s Critical National Infrastructure’) concluded that we lack “a society-wide response to the challenges of cybersecurity, embracing the public and private sectors.” In other words, we do not agree on the nature and importance of the problem and, as a consequence, we have not defined the threat or our vulnerability.
The government does have a central role to play here, not least in helping many more people to understand and, therefore, to prioritise the issues of cybersecurity. ICT providers also have their own role to play. Providers need to work closely with their clients and help them become intelligent and determined buyers. This involves translating complex IT and technical jargon into everyday and straightforward language – easy to say but difficult to do. This is the only way in which buyers will understand the issues of cybersecurity in sufficient depth to enable them to adopt the best solutions for their organisations.
Government and providers between them, however, won’t hold all the answers. There is a lot beyond hardware and software that organisations need to get right.
As the report argues, “fundamental behavioural transformation is needed … senior managers or organisations, both large and small, can no longer afford to treat cyber security as the remit of only one department.”
So this will require astute organisational leadership as well as high-performing IT functions. It is really up to the Board and senior management teams to instil cyber awareness into their organisations at every level. After all, mistakes don’t just impact on one part of the structure – the economic and reputational consequences can be huge for everyone.
Plenty of examples of best practice are available, although the rapidly developing nature of technology means that these must constantly be updated. This issue should be on the agenda of every board in the country.
The next generation of ICT looks like it will be in the cloud. If we want to stay ahead of this game, we had better keep our feet on the ground.