Why executives don’t pay enough attention to security


Cybersecurity is one of the most important topics in business today, but it can be hard for executives to understand how much they should be investing in their companies’ defences. This may be a result of basic human biases, Alex Blau argues in Harvard Business Review. A central problem is that executives treat security as a finite, static problem that’s solvable by checking the right boxes. But attackers are constantly evolving, and cybersecurity requires risk management rather than mitigation, Blau writes. He suggests that executives need clear narratives that play on emotion; new metrics for success; surveys of peer companies; and negative feedback that proves the company’s weaknesses, including staged demonstration attacks. 

Read more in Harvard Business Review >