Why Effective Cybersecurity Starts at the Top


Wherever we may be, it is undeniable that technology has revolutionized our lives on a global scale. Apart from providing faster means of communication, devices like smartphones, tablets, and powerful computers have made our lives easier.

Thanks to tech firms, tedious chores from grocery shopping to banking can now be conveniently effected by a touch of a button or a swipe on a screen. As a result, the pace at which people and companies conduct business online can only be expected to soar.

However, increased digital activity is not without its drawbacks. Where companies exchange data with consumers for a satisfactory transaction, cybercriminals prowl for victims.  

Consumers can be sensitized to be vigilant, but they can only do so much, and it is mostly the companies that are equipped to mitigate cyber threats by enforcing security measures.

As witnessed across the globe, the recent wave of Covid-19 saw many organizations resort to working from home. Unfortunately, this trend may persist in the long run because of its effectiveness, which brings about the need to secure the new working environment.

The ever-looming threat of cyberattacks cannot be underestimated, with both established and start-up organizations having fallen victim to cybercrime. These attacks range from unwarranted access to financial and personal data to the impersonation of CEOs.

Even though cybercriminals are getting savvier in their strategies, many businesses remain nonchalant about the threats and fail to acquire the latest, quality cybersecurity tools. Unfortunately, this often ends with detrimental effects.

Cybercrimes can halt the operational and financial aspects of an establishment through theft of resources or intellectual property. They can also lead to the payment of fines for exposed data. Worse still, the credibility and reputation of an establishment are affected, which can put off potential investors.

Undeniably, the risks are too big not to warrant the board’s attention.

In addition to sanctioning funds for the acquisition of quality cybersecurity tools, the management should be at the forefront in instilling the following security measures.

Raising Awareness

It is hard to combat that which you don’t acknowledge.

Many users are oblivious to cyber threats, and as such, they remain susceptible to criminals. Security Information Officers should lead the technology team in raising awareness of the dangers posed by cybercriminals. The outcome of brainstorming on the ever-proliferating cyber attacks and how best to counter them should be relayed to management for presentation to the board.

Creating awareness can start with simple drills aimed at helping employees learn how to protect themselves and the institution. In addition, making this an ongoing project can help employees remain vigilant when sharing information on sites, using apps, and safeguarding their gadgets.

On top of raising awareness, it is important to constantly remind employees of the consequences that may arise from laxity toward cyber threats. For example, exposure of corporate information can ruin a company’s reputation, causing loss of trust and revenue.

Employees can also endanger their own sensitive information by failing to secure their devices and their applications. Therefore, it is wise to use real-world cybercrime cases to stress the need for vigilance and the importance of updating cybersecurity tools.


It is often assumed that cybersecurity is solely the responsibility of the IT department. On the contrary, it is a shared responsibility to which the IT department contributes the required expertise. The management should encourage behavioral attributes that help to implement cybersecurity measures.

Encouraging the use of strong and complex passwords, or even password generators, is a simple step that leads to big cybersecurity gains.

IT heads and their teams should keep the rest of the management team up to date on the latest security protocols and potential threats for immediate communication to the rest of the staff.

Allocation of Resources

Chief Financial Officers play a huge role in allocating resources. Catering for cybersecurity in the budget will help fund training for staff throughout the departments. This should not be underestimated, seeing that hackers mostly target the most sensitive data, with financial information at the core.

Rather than advocating for low expenditure, CFOs should take the lead in liaising with the Chief Information Officers on how best to invest in staff training and quality cybersecurity tools.


Lastly, CIOs and the rest of IT management bear the mandate to investigate whether their proposed measures are being implemented. For instance, they can keep tabs on personnel who have attended or need to attend cybersecurity training programs.

They can also check how many staff members are keen on updating their devices to the latest software. Though simple, these metrics are key to measuring adherence.

Low engagement numbers might indicate vulnerability, hence the need to reassert the proposed measures. Changing settings on vital applications to prompt password changes can also encourage implementation. However, if the numbers are satisfactory, the management should commend the job done and highlight the benefits.


Customers feel safe when assured of the safety of the data they provide. The management’s collective responsibility is to communicate to their customers the measures they are undertaking.

They can also add to their expertise by engaging their customers on how best to bolster their security, making the customer feel valued. This serves not just to boost cybersecurity but their partnership as well.

The views expressed in this article are those of the authors and do not necessarily reflect the views or policies of The World Financial Review.