Business Resilience Hinges on Cybersecurity Awareness, Tech Show London

A business-wide understanding of cybersecurity is crucial to ensuring companies stay ahead of incidents, a panel of experts said at this year’s Tech Show London, taking place this week. 

Speaking at the event, which had a particular focus on emerging AI, cloud and cybersecurity innovations, Chris Green, EMEA’s head of communications, Jessica Figueras, chief executive of Pionen and Hazel McPherson, chief information security officer at ALD Automotive, shared their thoughts on how businesses can integrate a holistic understanding of cybersecurity into day-to-day operations.

“Cybersecurity professionals have a challenge of getting people to understand exactly what we do, why it’s important and the realities of what it looks like,” said Green. “It’s about achieving mainstream understanding of these things.

“There’s a real problem with an overdramatization of cybersecurity in mainstream media, and there’s a danger of over-hyping cybersecurity issues. The challenge then is to convey the realism of the situation and this starts with individual organizations. The whole business needs to understand the threat and the appropriate way to react.”

To ensure all strands of a business – not just the security team – understand the threat, effective communication is key.

Related:Generative AI: The New Frontier in Cybersecurity

“If you don’t have the ability to explain things in a way that resonates with people, you’re missing something,” said McPherson. “The problem with the Hollywood effect of cybersecurity is you have to normalize things and change the perception of it being just another business risk.”

“It’s helpful when organizations develop a shared language of risk management,” said Figueras. “It’s unrealistic to think you can prevent risks entirely, but being able to speak in a shared language is important to also protect cyber security teams from bearing the brunt of blame for when incidents do occur.”

Connecting Business, Cybersecurity Is Crucial 

Connecting the business and cybersecurity strands of companies was also highlighted by the speakers as a crucial strategy.

“Being able to translate technical risks to business risks is harder than it seems,” said Figueras. “And each business will have its own unique set of challenges and priorities, there’s no one-size-fits-all. And it needs to be a two-way street, cyber teams need to engage with the business, and the business needs to be savvy to the risks and be prepared to engage with the cyber team.”

Clear Response Plans

The panelists also highlighted the need for businesses to have clear, formulated response plans in place for when cybersecurity incidents do occur, and for these plans to be understood business-wide.

“Companies need proper, articulated plans where the risks and the responses have been defined,” said Green. “Organizations that handle incidents most effectively are the ones where people have a contingency plan, and know exactly how to enact it,

“These plans aren’t just about processes, they’re also about communication. You want a plan that everyone can put their hand on, so you’re all operating from the same place.”

“These responses need to be drilled into the culture,” said McPherson. “It can’t just be box-ticking, it has to be practiced company-wide. Cybersecurity should just be a part of an enterprise’s risk management plan. If you do this, it also means managers have more time to focus on actually securing things rather than just covering yourself.

“The main takeaway, I would say, is to make cyber normal. It’s not special, it’s not sexy – make it relatable and personal. Then people will bring that security with them every day.”