Security is one of those words that is associated with hackers, reputational failures, and fear, uncertainty, and doubt. I disagree: Security, when done properly, can be one of the biggest investments you make. It is crucial to building customer trust and safeguarding digital investments. Furthermore, responding well to a breach can enhance shareholder value and customer trust in the long term. Come and join us at the Forrester Privacy & Security 2018 Forum in Washington, D.C., September 25–26 and at the Forrester Privacy & Security Europe 2018 Forum in London, October 9–10 to learn how companies are using a proactive security approach to get taken seriously in the boardroom and enhance their organization. For example, they:
- Recognize that security is about serving the business. Security is no longer a back-office IT function. Companies that understand this are embedding security at the board level within their organization and lines of business. Security is an integral part of the customer experience and is a foundational element of the digital transformation. Done well, security can be a force for good and is fundamental to safeguarding digital investments. This is what makes these organizations so effective at serving and retaining their customers.
- Engage effectively with the board. Boards of directors are more cyberaware. However, not all cybersecurity professionals are at home in the boardroom. The security executives who we work with engage with the board effectively by talking the language of risk. They do not use the language of vulnerabilities and technical exposures. They tailor their communication effectively to the board and help them make informed investment and operational cyber risk management decisions.
- Respond effectively when a breach does occur. It is now a normal expectation that your organization will suffer a security breach. The breaches that tend to make the headlines are those where the organization has botched the breach response. Also an issue is when an organization hides the true facts from its customers and consumers. For example, Uber and Yahoo disclosed security breaches to consumers one year after the fact. This ultimately became as much of an issue as the actual breach of security. Effective organizations: 1) plan for a failure of security; 2) regularly test their incident response procedures; 3) test incident response scenarios with the board; and 4) have established and coordinated crisis management plans in place.
If you want to discover who these companies are, gather more insights about their strategies to inspire and inform yours, and meet some of those that have done it, come and join me during my keynote at the Forrester Privacy & Security 2018 Forum in Washington, D.C., September 25–26 and at the Forrester Privacy & Security Europe 2018 Forum in London, October 9–10. See you there!