As the scale and complexity of the cyber threat landscape is revealed, so too is the general lack of cybersecurity readiness in organizations, even those that spend hundreds of millions of dollars on state-of-the-art technology. Investors who have flooded the cybersecurity market in search for the next software “unicorn” have yet to realize that when it comes to a risk as complex as this one, there is no panacea — certainly not one that depends on technology alone.
Spending millions on security technology can certainly make an executive feel safe. But the major sources of cyber threats aren’t technological. They’re found in the human brain, in the form of curiosity, ignorance, apathy, and hubris. These human forms of malware can be present in any organization and are every bit as dangerous as threats delivered through malicious code.
With any cyber threat, the first and last line of defense is prepared leaders and employees, whether they are inside an organization or part of an interconnected supply chain.
And yet organizational leadership all too often demonstrates outright technology torpitude. An unprepared, lethargic leadership only amplifies the consequences of a security breach. The scale of the Yahoo breach disclosed in 2016, combined with the fumbling response, cost the company and its shareholders $350 million in its merger with Verizon and nearly scuttled the entire deal.
To prepare for and prevent the cyberattacks of the future, firms need to balance technological deterrents and tripwires with agile, human-centered defenses. These vigorous, people-centric efforts must go beyond the oft-discussed “tone at the top” — it must include a proactive leadership approach with faster, sharper decision making. As cyber threats grow exponentially, comprehensive risk management is now a board-level priority. Indeed, the iconic investor Warren Buffett highlighted cyber risk as one of the gravest concerns facing humanity during Berkshire Hathaway’s annual meeting.