HBRP Webinar: The Leader’s Guide to Cybersecurity
Monday, Sep 28, 2020 From 16:00 to 18:00
In cooperation with Harvard Business Review Press
As companies, governments, and organizations have become ever more dependent on digital systems for all aspects of business and operations, they have spent billions of dollars on cybersecurity. However, the financial consequences of cyber breaches have increased, seemingly in lockstep, with this increase in investment. For cybersecurity expert Thomas Parenty and management expert Jack Domet, co-founders of Archefact Group, the reason for this confounding situation is that the central focus of cybersecurity has been on technology—the vulnerabilities of computers and infrastructure—and not on the business risks to a company’s operations and strategic direction. No company has the resources to fix every cybersecurity problem, and not all fixes are equally important, so they wrote A LEADER’S GUIDE TO CYBERSECURITY to show executives a more effective way to combat these issues.
Parenty and Domet argue that cybersecurity is fundamentally a governance problem and that a board of directors should provide the essential oversight, with executives setting the management direction. This view is based on their thirty-five years of experience in the cybersecurity field across more than forty countries, during which they have performed, managed, audited, or reported to boards on virtually every enterprise cybersecurity activity. In their book, they share four principles to help guide leaders:
If you don’t understand it, they didn’t explain it. Cybersecurity management and staff within a company are responsible for providing materials and briefings that non-specialists can understand.
It is the business at risk. All discussions and actions relating to cybersecurity and cyber risks start and end with the business and the risks to its operations and strategic direction, not with computers and their vulnerabilities.
Make cybersecurity mainstream. In both corporate organization and activities, take cybersecurity from siloed functions and incorporate it into mainstream operations.
Engage motivation. Understand and align the interests and motivations of staff and departments to incentivize behavior that leads to accomplishing cybersecurity goals.
In order to identify and mitigate the right threats, Parenty and Domet outline the responsibilities that form the foundation for cybersecurity oversight:
Manage Cyber Risks - Effectively managing cyber risks requires a clear understanding of the relationships among the most significant business risks a company faces, the types of cyberattacks that could cause these risks, and the mitigating controls to prevent or minimize their impact. Ensuring the effectiveness of the controls includes recognizing and accounting for the nontechnical dynamics that can negate even the most powerful technologies.
Fortify the Company - Companies can substantially improve the overall effectiveness of their cybersecurity activities by utilizing the tools of organizational structure, processes, and culture, while accounting for employee motivations and incentives.
Lead in Crisis - While preventative and defensive strategies are essential, a company also needs the capacity to recognize and respond to cyberattacks. Therefore, the executive team must prepare to lead the company during a cyber crisis. This includes how to treat the situations it will face and what decisions it will make during a crisis.
The authors conclude the book by including various detailed questions that executives can ask to better understand current cybersecurity defenses and risk management activities. Parenty and Domet both have decades of experience in addressing cyber risks across a diverse range of industries and government agencies, including financial services, retail, manufacturing, electric power, mining and nuclear command and control. As a result, A LEADER’S GUIDE TO CYBERSECURITY is an eye-opening look at what it takes to successfully manage cybersecurity risk in an organization.
ABOUT THE AUTHORS
Thomas J. Parenty is an international cybersecurity and privacy expert who, over the course of more than 35 years, has worked at the National Security Agency, testified multiple times before the U.S. Congress and advised government agencies and corporations across the globe. He is a cofounder of cybersecurity firm Archefact Group and author of Digital Defense.
Jack J. Domet is a management expert with more than 25 years of experience in helping multinational corporations adapt to shifts in technology, globalization, and consumerism through organizational change. He is a cofounder of cybersecurity firm Archefact Group, where he focuses on building leadership and organizational capabilities in digital stewardship.