Companies that focus too much on their technical vulnerabilities and not enough on understanding cyber risk as a business risk leave themselves more vulnerable to attack.
Too often, cyber security discussions are a jargon-filled tech fest centering around the vulnerability of specific items of technology. You feel you lack the knowledge to participate, you zone out, and you leave this vital function to the experts. Then a cyber attacker strikes. And in the aftermath, you’re surprised to learn that, despite all the discussion, your firm was in fact woefully underprotected.
Writing for Harvard Business Review, Thomas J Parenty and Jack J Domet explain that, when cyber security strategy is left to a small cadre of IT staff, it risks becoming a “long, ill-prioritised list of mitigation tasks”.