FacebookFacebook icon TwitterTwitter icon LinkedInLinkedIn icon Email

Brain circuits

Three things executives are getting wrong about cybersecurity

Published 1 September 2022 in Brain circuits • 3 min read

The unfortunate reality of today’s business environment is you will be hacked. This shouldn’t cause great fear among your executive team, but it is imperative that executives are prepared. How worried are you about cyber-attacks affecting your company? Take a moment and rank whether you agree with the following statements from one to five, with one being ‘disagree’ and five being ‘strongly agree’:

  1. I’ve hired a first-class cybersecurity team, so I am not very concerned about the likelihood of an attack.


  1. My company is on the smaller side, and generally under the radar, so there is no reason for me to be too concerned about possible cyberbreaches.


  1. We have cyber-insurance, so our risk is significantly lower.


Look at your scores. If you have anything higher than a two in reference to any of the above statements, read on, because you are making some mistakes common among many executives, and you may need to rethink your cyber-strategy.

1 – Beware of a false sense of security.

A first-class IT team well-versed in cyber security may give executives in other departments a false sense of security. We know from statistics that 85% of all cyber breaches occur because of human error. Because individuals are being targeted to get into systems, human behavior is the critical factor in protecting and preventing system breaches. Executives need to therefore ensure that everyone who has access to their systems knows what to do in the event of a breach. No matter how strong your IT team may be, they can’t control what sort of mistake an individual might make by clicking on something they shouldn’t before that first cup of coffee.

2 – Size doesn’t matter the way you may think it does.

Your company may be small, but that may make you attractive to potential hackers who are looking to use your company to reach larger partners. In the 2013 attack on Target, criminals targeted a small business, specifically a vendor who dealt with air conditioning service. They were able to steal an employee’s password through a successful phishing attack at the air conditioning company and then through the billing system get into Target’s larger network.

3 – Insurance is getting more expensive and harder to use.

As risks and expenses grow, the insurance landscape is rapidly changing. Some major insurers are no longer including ransom payments as insurable, only the cost of lost business. Furthermore, an increasing number of cyber-attacks are classified as state-sponsored, which some insurers classify as acts of war which frees them from liability.



Further interest: 

Video: Six cybersecurity trends for companies to get to grips with in 2022 with Öykü Işık


Oyku Isik IMD

Öykü Işık

Professor of Digital Strategy and Cybersecurity at IMD

Öykü Işık is Professor of Digital Strategy and Cybersecurity at IMD, where she leads the Cybersecurity Risk and Strategy program. She is an expert on digital resilience and the ways in which disruptive technologies challenge our society and organizations. Named on the Thinkers50 Radar 2022 list of up-and-coming global thought leaders, she helps businesses to tackle cybersecurity, data privacy, and digital ethics challenges, and enables CEOs and other executives to understand these issues.


Learn Brain Circuits

Join us for daily exercises focusing on issues from team building to developing an actionable sustainability plan to personal development. Go on - they only take five minutes.
Read more 

Explore Leadership

What makes a great leader? Do you need charisma? How do you inspire your team? Our experts offer actionable insights through first-person narratives, behind-the-scenes interviews and The Help Desk.
Read more

Join Membership

Log in here to join in the conversation with the I by IMD community. Your subscription grants you access to the quarterly magazine plus daily articles, videos, podcasts and learning exercises.
Sign up

You have 4 of 5 articles left to read.