In my career I have seen two market-changing situations firsthand: at Barclays during the credit crisis and at Equifax during the security breach.

At Barclays during the credit crisis I was leading several unsecured loan products. Before 2008 I was not given a single second of credit risk training. The products I led went through a committee which included credit risk. Credit risk at the time was seen as a nuisance, something to get by in order to start creating profitable products. Things sure did change post credit crisis. Credit risk became an extremely powerful department and each product lead was given extensive credit risk training on forming their business case for their products. I became as strong an expert on the credit risk associated with my products as on the marketing, operations, and sales associated with them.

A trend similar to the one that occurred in credit risk during the credit crisis is occurring in cyber risk. We are currently in a security crisis and finally CEOs are starting to catch on. In Fortune magazine (2) US CEOs rated Cyber Security as their top external threat, above recession risk. The reason it has taken so long to catch on is that, in spite of multiple breaches over the years, there has not been a long-term effect on a company stock price. A public company is responsible to its shareholders and unfortunately none of these breaches have had a long-term impact on the stock. eBay, Target, and Marriott all were at record highs within a year of their breach (1).

That is until Equifax. In May, for the first time ever, Moody's downgraded a public stock for cyber risk. Finally, Wall Street is wising up to the true damage that can be caused to a company due to its cyber risk. Equifax has already spent about $1.4B in total breach costs, but that is only a fraction of the true cost to the company. We are nearly two years on from the breach, and this breach has materially affected the long-term outlook of the company.
The stock is still 7% below its highs in spite of a market that has grown over 10% since the breach. In other words, that is a 17% drop in reality since the breach versus current market levels, or $2.5 billion in market cap, due to lacking a culture of security.

I personally was managing new products for Equifax in the marketing department at the time of the breach. Equifax rightly had the same shift in their attitude towards security risk as Barclays had in their stance towards credit risk. Equifax lacked a culture of security and they are paying for it in the long term with their brand reputation and long-term stock value.

If you are the CEO of a Fortune 500 company you know you have a responsibility to your shareholders, employees, and the general public (whose information you protect) to establish a culture of security enablement in your organization. This means that you need to give your employees, and not just your security employees, appropriate training for the role they hold. You need to give your IT department, product, marketing, sales, finance, and board the appropriate security training. Otherwise as a CEO you are being irresponsible with your customers' information and therefore the lifeblood of your company.

As the market leader in Cyber Security with over 2.5M users across the world, we understand better than any company what it takes to provide the appropriate professional development opportunities for your enterprise across each work role. Don't be left unprepared. Enable your company against security threats. You owe it to your employees, shareholders, and customers to enable your whole company with the professional development they need to be secure.
Watch Leif Jackson's interview discussing Security Enablement
References

(1) https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html

(2) https://www.conference-board.org/press/pressdetail.cfm?pressid=7650