5 Questions CFOs Should Ask, Escape Your Echo Chamber, and Up Your Cybersecurity Game – BSW #270

Here are five questions CFOs should be asking their CISOs about the security of their companies.

1. How secure are we as an organization?
2. What are the main security threats or risks in our industry?
3. How do we ensure that the cybersecurity team and the CISO are involved in business development?
4. What are the risks and potential costs of not implementing a cyber control?
5. Do employees understand information security and are they implementing security protocols successfully?

While leaders are broadly aware of the importance of creating a psychologically safe culture to encourage candor, they are less cognizant of how subtle leadership behaviors can get in the way of people speaking up. In this article, the author shares behaviors that leaders might not realize shut down dissenting perspectives and offers guidance about what to do instead. Taking these actions will help you step outside the bubble of agreement where many leaders unwittingly exist.

Here are a few tips for incorporating empathy into your leadership style:

1. Be open to new perspectives.
2. Listen actively.
3. Show that you care.
4. Put yourself in their shoes.
5. Communicate effectively.

Various studies have shown that employees are willing to quit over a lack of flexibility; one survey from GoodFirms published at the end of 2021 found that 70% of HR managers pointed to flexibility concerns as a reason for resignations — the most cited cause in the survey.

Let’s consider some relevant industry data (i.e., cybersecurity compliance statistics) that shows exactly what we mean by all of this.

1. 93% of Employees Are Overly Confident About Their Cyber Preparedness
2. 50%+ of Employees Aren’t Aware of Their Organization’s New Cybersecurity Policies
3. 44% of Companies Require Vendors to Provide Proof of Cybersecurity as Part of Their RFPs
4. 45% of Organizations Globally Will Experience Supply Chain Attacks by 2025
5. GDPR Noncompliance Fines Hit Nearly $100 Million in First Half of 2022
6. 46% of Medical Device Companies Say They’re Compliant With Cybersec Regulations & Standards
7. 80% of Medical Device Manufacturers View Device Security as a “Necessary Evil”
8. More Than 22 Billion Records Were Exposed on 4,145 Publicly Disclosed Breaches in 2021
9. 23% of Organizations’ Public Cloud Security Incidents Resulted From Misconfigurations
10. 39% of Companies Rank Compliance as One of Their Top Three Day-to-Day Headaches

Companies have overlooked culture in the past. But when employees have endless options, improving culture and morale is vital.