Book Image

Building a Cyber Resilient Business

By : Dr. Magda Lilia Chelly, Shamane Tan, Hai Tran
Book Image

Building a Cyber Resilient Business

By: Dr. Magda Lilia Chelly, Shamane Tan, Hai Tran

Overview of this book

With cyberattacks on the rise, it has become essential for C-suite executives and board members to step up and collectively recognize cyber risk as a top priority business risk. However, non-cyber executives find it challenging to understand their role in increasing the business’s cyber resilience due to its complex nature and the lack of a clear return on investment. This book demystifies the perception that cybersecurity is a technical problem, drawing parallels between the key responsibilities of the C-suite roles to line up with the mission of the Chief Information Security Officer (CISO). The book equips you with all you need to know about cyber risks to run the business effectively. Each chapter provides a holistic overview of the dynamic priorities of the C-suite (from the CFO to the CIO, COO, CRO, and so on), and unpacks how cybersecurity must be embedded in every business function. The book also contains self-assessment questions, which are a helpful tool in evaluating any major cybersecurity initiatives and/or investment required. With this book, you’ll have a deeper appreciation of the various ways all executives can contribute to the organization’s cyber program, in close collaboration with the CISO and the security team, and achieve a cyber-resilient, profitable, and sustainable business.

Related Content you might be interested in

Current Title:

Small book image
Building a Cyber Resilient Business
Dr. Magda Lilia Chelly | Shamane Tan | Hai Tran
Nov, 2022 | 232 pages
Small book image
Cybersecurity Leadership Demystified
Erdal Ozkaya
Jan, 2022 | 274 pages
Small book image
Cybersecurity Blue Team Strategies
Kunal Sehgal | Nikolaos Thymianis
Feb, 2023 | 208 pages
Small book image
Cybersecurity and Privacy Law Handbook.
Walter Rocchi
Dec, 2022 | 230 pages
Table of Contents (14 chapters)
Preface
Preface
Who this book is for
What this book covers
Download the color images
Get in touch
Share your thoughts
1
Chapter 1: The CEO Cyber Manual
Chapter 1: The CEO Cyber Manual
Why cybersecurity should be a CEO’s priority
Understanding cyber risks and their implications for businesses
Understanding cybersecurity challenges, organization, and reporting
Quantifying cyber costs versus return on investment
Building a culture of cybersecurity
Preparing a business for cyberattacks
Cybersecurity considerations for a CEO’s first month
Questions to ask yourself as a CEO when considering your cyber risk coverage
Summary
Free Chapter
2
Chapter 2: A Modern Cyber-Responsible CFO
Chapter 2: A Modern Cyber-Responsible CFO
Why the CFO should care about cybersecurity
The CFO’s understanding of cybersecurity
The aspects of cybersecurity the CFO should consider
Defining the CFO’s role in building cyber resilience
Communicating with the CFO about cyber risks
Questions to ask your CFO
Summary
3
Chapter 3: The Role of the CRO in Cyber Resilience
Chapter 3: The Role of the CRO in Cyber Resilience
Understanding the role of the CRO and its key focus areas
Analyzing the CRO’s key priorities
Identifying the CRO’s challenges
Developing the right mindset as a CRO
Understanding the collaboration potential between the CRO and CISO
Questions to ask your CRO
Summary
4
Chapter 4: Your CIO—Your Cyber Enabler
Chapter 4: Your CIO—Your Cyber Enabler
Understanding the CIO’s role and the impacts their decisions have on cybersecurity
Differences and commonalities between the CIO and CISO roles
Getting ahead of cybercriminals
How the CIO supports your security
Questions to ask your CIO
Summary
5
Chapter 5: Working with Your CISO
Chapter 5: Working with Your CISO
Understanding the role of the CISO
Your CISO’s understanding of your business
Priorities for a new CISO
Addressing cybersecurity challenges
Questions to ask your CISO
A Bonus Segment for Our CISOs—Decoding Your CxOs’ Expectations
A Bonus Segment for Our CISOs—Purchasing Cyber Insurance
A Bonus Segment for Our CISOs—Reporting to the Board of Directors
Summary
6
Chapter 6: The Role of the CHRO in Reducing Cyber Risk
Chapter 6: The Role of the CHRO in Reducing Cyber Risk
Why the CHRO should care about cybersecurity
The transitioning role of the CHRO
How the CHRO supports cyber resilience
The challenges CHROs face with cybersecurity
Questions to ask your CHRO
A bonus segment for our CISOs—recruiting and building your cybersecurity team
Summary
7
Chapter 7: The COO and Their Critical Role in Cyber Resilience
Chapter 7: The COO and Their Critical Role in Cyber Resilience
Understanding the role of the COO
Why the COO should care about cybersecurity
Where the line is between the COO and the CISO in terms of responsibility for business continuity
Operational technology and cybersecurity—a necessity in today’s world
Business continuity plan management—the dos and don’ts
Questions to ask your COO
Summary
8
Chapter 8: The CTO and Security by Design
Chapter 8: The CTO and Security by Design
The role of the CTO
Why the CTO should care about cybersecurity
How the CTO becomes a security ally
Secure coding and secure software development
Conflicts of interest and collaboration between the CTO and the CISO
Questions to ask your CTO
Summary
9
Chapter 9: The CMO and CPO—Convergence Between Privacy and Security
Chapter 9: The CMO and CPO—Convergence Between Privacy and Security
What the CMO and CPO roles have in common
The role of marketing and privacy in cybersecurity
The intersection of privacy and security
The role of marketing and communication following a cyber incident
Questions to ask your CMO and CPO
Summary
10
Chapter 10: The World of the Board
Chapter 10: The World of the Board
Understanding the world of the board
The board’s structure
The board’s interests in cybersecurity
The CISO’s seat at the table
Speaking the board’s language
What not to do in the boardroom
Reporting to the board (an add-on for CISOs and a reference for CEOs)
Boards and mergers and acquisitions
Asking the board the right questions and setting up your CISO for success
Summary
11
Chapter 11: The Recipe for Building a Strong Security Culture—Bringing It All Together
Chapter 11: The Recipe for Building a Strong Security Culture—Bringing It All Together
Building a robust security culture
Bringing it all together
CISO add-on—building a cybersecurity culture
The different building blocks
Varying your training
Cloud-sharing responsibility
A hands-on cyber-awareness program
What kind of community are you building?
Questions to ask yourself about building a culture
Summary
12
Index
Index
Why subscribe?
13
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

The CFO’s understanding of cybersecurity

Shamane Tan, chief growth officer at Sekuro and founder of Cyber Risk Meetup, a global community for prolific cybersecurity conversations and exchanges, and co-author of this book, commented on a discussion with the CFOs that she was involved in: “Even amongst the CFOs, they recall that the conversation about cybersecurity only started to come up a decade ago when the insurers asked corporate CFOs what the company was doing about cybersecurity.

When insurers began asking about cybersecurity over ten years ago, it was likely one of the first times CFOs would have heard about cybersecurity. It’s worth noting that these first conversations did not begin within an organization but were driven by those asking from outside the organization. Within an organization, it has not been a concern generally. Magda (co-author of this book) had a CFO mention to her that he trusted his security team and so wasn’t going to purchase cyber insurance.

With the increase in cyber risk and inevitability of cyberattacks, it is critical to understand that foolproof security does not exist. Within such a complex and interconnected environment, cybercriminals nowadays can find weaknesses within people, processes, and technology. A cyberattack can also happen through a supplier or vendor. It is just a matter of time.

A group of hackers known as “London Blue” targeted more than 50,000 finance executives, including 35,000 CFOs, with bogus requests to transfer money. The scams were estimated in an Agari report (https://www.agari.com/cyber-intelligence-research/whitepapers/london-blue-report.pdf) to have caused hundreds of thousands of dollars in damage. CFOs and the finance executives within an organization are not immune to being targeted and are not necessarily cyber-savvy to such scams. That must change.

In today’s world, insurers take cyber risks into consideration and provide cyber insurance to organizations as a risk transfer option. This requires risk profiling of a company. Cyber insurance helps CFOs to become cyber aware and requires a shift in their perception of cyber risk. This switch in mindset also correlates directly with both the frequency and the cost of cyberattacks. As a result, cybersecurity is now formed as part of the risk register.

Nevertheless, for CFOs, understanding cyber risks and cybersecurity as a whole can be a lengthy and frustrating process. Cybersecurity is complex, the solutions not always enough to mitigate risk, and confusing technical jargon are just a few of the reasons CFOs find it challenging. Your organization might have cybersecurity hardware and software to protect your business against cyberattacks. However, it only takes one weakness to incur financial losses.

People, processes, and technology are not immune to cyber threats. Specific to the finance team, phishing, social engineering, and Business Email Compromise (BEC) have been some of the most common cybercrimes. The FBI’s Internet Crime Complaint Center (ICCC) cybercrime report found BEC schemes to be the costliest of all cybercrimes, leading to losses of approximately $1.8 billion in 2020 alone.

A good example is an employee processing the payment of a fake vendor invoice, which can lead to the misdirection of tens of thousands or even hundreds of thousands of dollars. Those social engineering cyberattacks work by targeting humans and processes. This type of cybercrime has increased in recent years, and while some companies have addressed this cyber risk to prevent financial fraud/loss, others continue with their traditional approach and ignore critical cybersecurity pillars, people, and processes. “It can’t happen to us” remains the pervasive perspective.

Importantly, a CFO is not required to learn technical cybersecurity concepts. But they do need to consider cyber risks that might materialize from a weakness in people, processes, or technology. Understanding and communicating that foolproof security does not exist is among the first steps, along with increasing the budget to help address strategic initiatives. Further, it requires continuous support and the company’s readiness to respond when an attack happens.

It is also worth noting that when it comes to cyber insurance, not every single cyber event will be covered, which means that companies will not be able to transfer all of their risk through insurance. Take, for instance, a ransomware attack—insurance companies now deny insurance payouts for ransomware payments.

Yet ransomware attacks are only one cyber risk to a company. The following section outlines key aspects of cybersecurity that are helpful for CFOs to consider.

Previous Section
End of Section 3
Next Section