In a recent LinkedIn post, a user asked this question.
“In my experience, businesses still don’t view cybersecurity as a priority. At what point does a business start to concern themselves? Most tend to take action re-actively. So, does this mean there is a lack of desire/urgency in understanding cyber risks?”
The most difficult senior decision-makers are the Willfully Ignorant: AKA “head in the sand”. I continue to meet a lot of people like this. When I encounter them, I quickly wish them the very best and get on with my day.
On the other end of the spectrum, there are some senior decision-makers who really understand how much of an existential risk cyber has become. I haven’t met a lot of these people, but they are great to work with. I’m often asked to help convert their subordinates into “believers”.
All the others I would categorize as viewing cyber risk through the filter of their own personal risk appetite. The thrill-seekers treat all kinds of major risks with a certain casualness. Then there are those who only sleep well at night knowing all their money is safely inside their mattress; they generally shun computers. There’s very little I can do to change their filters, but I’m able to help most of them in some way.
I’ve also realized that senior decision-makers manage a lot of very serious risks every day. To them, cyber is just another shiny dot on their radar screen. Other dots include product/market fit, sales, order-fulfillment, and accounts receivable. A major failure in any one of these areas could doom their business or seriously derail their own careers.
To be honest, it wasn’t until after I became an entrepreneur myself that I was able to see and understand all that I just wrote. I now have a lot more empathy for senior decision-makers with respect to cybersecurity.