Too often, cybersecurity is focused on technology and framed as a choice between two extremes.
On one hand, you have simplistic “red, yellow, green” or “high, medium, low” methods. These are often slick, fully automated, beautiful looking programs…but they also gobble up a lot of time and money for very limited effectiveness and practical benefit. In other words, this method is often not that much better than spending a few minutes making a back-of-the-envelope calculation. Pass.
The other side of the equation, there are the tech-focused options. Executives (and other non-tech personnel) are forced to decode cybersecurity jargon and advanced statistics in order to understand the technical vulnerabilities and probability estimations. On the off chance that everything makes sense, the overly complex “solutions” will require more time, money, and energy than your firm can devote to the task. No, thanks.
No wonder many executives are (begrudgingly) walking away from the decision entirely and letting IT handle (or mishandle) cyber risk mitigation.
If you are wondering why no middle ground exists, you’re not alone. We used to wonder the same thing – that’s why our Founder and CEO, Kip Boyle, invented the Cybersecurity Executive Toolkit, built a service around it, and wrote a book about it.