A 20th Century Mindset in a 21st Century Cyberthreat Landscape
Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute
The digital age has ushered in a new era of risk characterized by the relentless evolution of cyber threats. Yet, many corporate leaders persist in applying antiquated, 20th-century strategies to mitigate these modern digital risks. This disconnect between the sophistication of threats and the traditional approach to risk management is a significant contributing factor to the increasing frequency and severity of data breaches.
One primary reason for this reliance on outdated thinking is a need for more understanding of the digital landscape. Many executives, particularly older ones, grew up in a world where security was primarily a physical concern. They may have experience safeguarding assets from theft or vandalism, but they struggle to grasp the intricacies of cyber threats that operate in the intangible realm of ones and zeros. This lack of familiarity can lead to a reluctance to invest in modern security measures or to allocate sufficient resources to cybersecurity risk management initiatives.
Furthermore, the traditional risk management framework often prioritizes tangible assets over intangible ones. In the context of cybersecurity risk, this can result in a disproportionate focus on protecting physical infrastructure while neglecting the safeguarding of digital assets, which are often far more valuable. This myopic view fails to recognize that data breaches can devastate a company’s reputation, financial stability, and survival.
Another contributing factor to the persistence of 20th-century thinking in cybersecurity risk is the tendency of corporate leaders to rely on outdated metrics and KPIs. Traditional performance indicators, such as revenue growth and profitability, may need to capture cyber threat risks adequately. For example, a company may be experiencing record profits but also vulnerable to a data breach that could result in significant financial losses and reputational damage. This disconnect between traditional metrics and modern risks can lead to a false sense of security and a failure to invest in proactive cybersecurity risk measures.
Moreover, the hierarchical structure of many corporations can hinder effective cybersecurity risk management. In a top-down organization, decisions about cybersecurity risk are often made by executives who may need a deeper understanding of the business aspects of the problem. This can lead to implementing security measures ill-suited to the organization’s specific needs or failing to address emerging threats.
Finally, the fear of disruption and the desire for stability can contribute to a reluctance to embrace new cybersecurity risk management approaches. Many executives are hesitant to invest in innovative technologies or make significant changes to their cybersecurity practices. This fear of the unknown can prevent them from adopting proactive and adaptive strategies for mitigating modern cyber threats.
The persistence of 20th-century thinking in corporate cybersecurity risk management is a significant challenge that must be addressed. By fostering a culture of innovation, investing in modern security technologies, and adopting a more proactive approach to risk management, organizations can better protect themselves against the ever-evolving threat landscape.
Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute
The DVMS Institute teaches organizations of any size, scale, or complexity an affordable approach to mitigating cyber risk to protect digital business performance, resilience, and trust.
Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.
® DVMS Institute 2024 All Rights Reserved