ChatGPT: Uncovering the opportunities and threats for cybersecurity
ChatGPT's emergence has captivated businesses and individuals, offering potential productivity enhancements. However, it also introduces new threats to cybersecurity.
May 30, 2023
November 9, 2022
Cyber risk is one of the main challenges businesses face today.
Yet, according to the World Economic Forum, cybersecurity failure is still perceived as a short-term risk⏤increasingly leaving many vulnerable due to a "lack of readiness."
Whether you’re a tech leader or a board member, you share a responsibility to ensure the most important data is protected so that your business can move forward.
Kendra Ross is a cyber entrepreneur with a wealth of experience working on and with boards to highlight the importance of cyber resilience—here are her best tips for talking about the ‘S’ word (security) with your board.
Every business is going to have a different risk profile.
The first place to start is understanding what that means for your organisation. Ask:
At the end of the day, this is what makes a viable business—your data. A smaller organisation may value their Instagram account as their most important asset, however this isn’t necessarily going to be the case the larger a business is. “It’s more likely going to be your supply chain,” says Kendra.
It's not just about your Plan A... what is actually more important is your Plan B and your Plan C.
After understanding the what and why, next comes to who. Who is responsible for what? Will you have to use a third party or do you have the resourcing internally?
Additionally, in the case of a data breach, your plan must include your response for when (not if) it happens. “No organisation, big or small, will be a hundred percent secure. That’s just not possible. Not when we’re in a digital world. Software has vulnerabilities. We’re doing business with multiple parties. We have lots of risk profiles in terms of the people as well as the technology,” explains Kendra.
This means to ask more questions in the event of an incident:
“The board actually needs to be responsible,” says Kendra. “It starts at the top in terms of behaviour.”
When an incident occurs, the board will be the first port of call. They need to have a spokesperson, and they need to know what the plan is—especially what resources are available in terms of budget and people.
The board is accountable for their own cyber resilience, too. This means that it needs to start and be practised at the board level.
Kendra suggests considering if the board will be well-versed in having cybersecurity conversations in the first place, or if an external advisor is needed. Alternatively, the board should have people that are building their own security knowledge via courses, books, and podcasts.
It’s fundamental to have a “mutually respectful relationship” with your board to be able to prioritise cyber resilience.
“Making sure we are speaking the same language is going to be important,” says Kendra.
From a management point of view, it’s how you tell that story to the board—and it’s critical that you’re getting you message across by putting the board at the centre of the story. “Make them the heroes.”
Internally, set up a subcommittee for cybersecurity just as you would with health and safety or compensation plans, and include both management and board members.
Cybersecurity is a competitive advantage. Kendra ends with encouraging businesses and boards to see the economic opportunities in securing your data.
It's an essential part of business strategy. "Trust is currency in the market and the more trust people have in your products, the more they're going to engage with your products and your services."
To watch the full chat, head to our YouTube channel. If you prefer the audio version, the latest episode of Upwards with Kendra Ross is now available.
“The pre-built policy was one of the most valuable features for us. And the list of action items we needed to get better. I can tell the board that we have a security policy in place and we're working through the list of standards. It's a really easy way to get your security sorted. That's the main thing for us ⏤ it makes our lives easier.”
Tane van der Boon
Founder & CEO