Liability cases are rising as the top leaders of corporations are being held personally accountable for data breaches. The Bank of Ireland, for example, was recently fined a record €24.5m and publicly reprimanded by the Central Bank of Ireland for IT failures dating back to 2008. The visible cost of malicious cybercrime attacks is estimated to cost the world over $10.5 USD trillion by 2025. But that’s nothing compared to the headaches being created by regulatory changes. So what can C-Suite executives do about these rising threats?
The illusion of liability insurance
Insurance policies may reassure corporations and play down initial concerns related to cyber security, and data privacy. But fine print matters. The insurance market is being destabilized by the rise in ransomware attacks, and cyber breaches will continue to cause aggregated financial losses. ADCG’s Jody Westby analyzes this dynamic in her recent article, Fending off the Lions, and highlights the need to apply a holistic approach to risk assessment, and to reverse engineer the data collected by insurance companies in order to build better resilience strategies.
Patience and speed do not go hand in hand in the digital decade, as we saw with the Colonial Pipeline Hack. Supply chain disruption translated to significant business disruption and service continuity issues for gas stations, rising prices for gas and oil, and a decrease of confidence in the company’s ability to get services back up and running–and of course in its ability to minimize cyber risk.
The Bank of Ireland, now invests heavily in its IT resilience strategy, and is working to ensure no loopholes are left unpatched for the future. But the more organizations invest in technology alone to build protection and security, the more criminals and scammers alike will try to get a foot in the door and circumvent technical security and firewalls. As soon as they have a foot in the door, they will use any means at their disposal to open other doors using both malicious IT software and human hacking.
Cyberattacks are more personal than you might think
Social engineering is responsible for over 96% of cyber breaches since COVID forced industries to work remotely, thus increasing the human surface attack. The decision-making pressure on the Board of Directors, CEOs, and other C-suite leaders is unprecedented at a time where cybercrime is soaring across the world.
The pandemic doesn’t help with this trend. Cybercriminals tend to have an in-depth understanding of how to prey on the human vulnerability of a remote or hybrid workforce. No matter how much an organization invests in technical firewalls that are state of the art, emotional firewalls cannot be managed or upgraded like technology.
Integrating the human factor in the cyber threat profile of any organization can feel painful when human error keeps your most valuable assets at risk for data theft, ransomware hijacks, and commercial espionage. The question is no longer focused on avoiding a cyber breach but on operating as if you will be compromised. The World Economic Forum (WEF) has called for societies to move from cyber security to cyber resilience across people, processes, and technology pillars. What does that look like at the human level?
The importance of emotional intelligence
There are many parameters to consider when building cyber resilience. One of the critical success factors involves managing fear. As criminals are getting more sophisticated in the type of personal data they are hacking, victims can get lost in the ramifications when that data gets leaked. Hackers often obtain sensitive personal secrets–gleaned from browsing histories and credit card statements–and use it to blackmail the people within an organization. These type of fear-based tactics can be most effective at the C-suite level, where the most impactful decisions are being made–like the decision to pay a ransom.
That’s why leaders need to develop emotional intelligence strategies to decrease the risk of reacting based on fear or impulse during a ransomware attack.
We hear a lot about emotional intelligence, but what is it exactly? According to Thrive with EQ, Emotional intelligence (EQ) “is a set of emotional and social skills that influences how we perceive and express ourselves, develop and maintain social relationships, cope with challenges and use dynamic information effectively and in a meaningful way.”
Fear arises when there is a gap in our mental model of the world. When we don’t know what to do or how something will play out, our brain sends our body into a stress reaction mode of fight-flight-freeze. Using practical and tailored EQ strategies–like those developed by EQ pioneer Daniel Golman–can help C-suite leaders anticipate consequences and implement a personal incident response plan.