How Executive Officers Can Save Face by Increasing Their Cyber Literacy
Amy Pascal was one of the most powerful people in Hollywood. As the co-chairman of Sony Pictures Entertainment, Pascal steered the studio to both commercial success (producing billion dollar blockbuster James Bond and Spider-Man films) and critical acclaim (green lighting movies such as Zero Dark Thirty and American Hustle). She worked hard to earn her reputation and became widely celebrated as one of few women to make it to the top of Tinseltown.
But Pascal’s charmed career went into a free fall in 2014 after Sony was struck by a major cyberattack. A state-sponsored, North Korean hacker group known as "Guardians of Peace" breached Sony’s computer network and leaked a slew of internal company documents. The documents included a series of embarrassing emails in which Pascal made racially insensitive jokes about President Obama, slammed Hollywood celebrities, and revealed that she had been paying actresses less than their male co-stars. Pascal’s emails were picked apart by the media and she quickly became a public punching bag. Within a few months, Pascal was fired — ending an 11-year tenure at the top of Sony Pictures.
Cyberattacks: A Threat To Your Reputation — and Career
Legendary business mogul Warren Buffett once remarked, “It takes 20 years to build a reputation and five minutes to ruin it.” Amy Pascal spent 18 years at Sony Pictures, ascending to the highest heights of Hollywood. It only took a single cyberattack to leave her reputation in tatters.
Pascal is far from alone in experiencing a career-killing cyberattack. In recent years, a growing number of business leaders have been pushed out the door for their botched response to breaches. In 2014, Target CEO Gregg Steinhafel resigned after hackers stole 70 million customer records from the retail giant. In 2017, Equifax’s CEO, CIO, and CSO were all forced to retire after hackers swiped more than 145 million customer records from the consumer credit reporting agency.
Even when senior executives manage to hold on to their jobs, they can still suffer serious consequences if a successful cyber attack happens on their watch. For example, in 2016, it came to light that Yahoo had been hit with a series of breaches that affected billions of user accounts. Following an investigation that found managers reacted too slowly to the breaches, Yahoo’s board withheld millions of dollars in bonuses and equity from CEO Marissa Mayer.
As a Senior Executive, What Should You Do?
Executives and board members have always had to adjust to a wide array of risks threatening their organizations. But over the last few years, cyber incidents have become one of business leaders’ biggest fears. A 2018 survey by PwC showed that cyber threats are U.S. CEO’s single greatest concern — even polling ahead of uncertain economic growth, over-regulation, and an increasing tax burden. Frankly, it should be no surprise that thoughts of potential digital debacles are keeping corporate executives up at night. The experience of Amy Pascal, Gregg Steinhafel, and countless other CEOs makes it quite clear: all it takes is one cyber incident to end a career.
The problem is that too many business executives are still operating under the mistaken belief that cyber issues are solely the responsibility of the IT department. They think that cybersecurity is just too technical and are not interested in taking the time to learn more about it. However, ignoring cyber threats does not make them go away. Business leaders who continue to neglect digital dangers are putting their organizations, and their jobs, in peril.
Other managers are painfully aware of just how little they know about cyber risk. Reports have shown that a whopping 90% of corporate executives say they can't read a cybersecurity report and aren't prepared to handle a major attack. This epidemic of cyber illiteracy is proving to be a serious liability for businesses.
The good news is that there’s hope. Cyber risks can be understood, monitored, and managed. There’s no need to be a technophobe! Cyber risk is simply another type of enterprise risk. The cybersecurity lexicon may sound like a foreign language, but once you get past the technical jargon, the risk management techniques will seem familiar and become clearer.
We’re Here to Help
If you need to get up to speed on cybersecurity essentials so you can understand, monitor, and manage your organization’s cyber risk, check out our Resolve Program. We’ve just launched our Digital Cyber Risk Program that allows senior executives to learn at their own pace from a desktop or mobile device. Let us empower you with the knowledge to protect your organization and your career from the dangers posed by cyber threats.