Boardrooms need to wake up to cyber security threat
Leading experts have warned that cyber security is not being taken seriously enough because boardrooms don’t understand the potential dangers.
John Denneny is the managing director of Manchester-based Pentest, which works with global blue chip organisations including many based in Silicon Valley.
He told a BusinessCloud cyber security and FinTech roundtable that the technicality of the subject leads to a “disconnect” at boardroom level.
“At board level they understand that security is important, but it drops so quickly into technical detail,” he said.
“At our company we’ve got people with firsts in maths from Cambridge who can do stuff that you just wouldn’t believe. It’s very hard to bridge the disconnect with board level.
“One thing we’ve done – although not very often – which is very powerful is create a 90-second video of us hacking a big corporate customer’s website to help illustrate problems for its board.
“But there is a danger with those videos: no one would pick up on a technical report if it leaked out on to the internet, but a 90-second video would be all over YouTube and the share price of that corporate would just tank.”
John Denneny, right, and the roundtable attendees
Andrew Avanessian, vice president of Avecto, a security software firm also based in Manchester, added: “Cyber security isn’t sexy.
"We always see people rushing to produce new systems, and get new technology to market, and security is always a secondary thought.
“People at board level either come from a sales or finance background and are not interested in security because they don’t understand it.
“Only four per cent of financial institutions have someone on the board that comes from a security background.
“There is a recognition that we need to do more to put technologists at board level who aren’t turned off by the detail you need to understand to actually implement this.
“It’s like insurance: unless something goes wrong, you aren’t interested in it.”
Phil Grindley, partner in transaction services at accountancy firm Grant Thornton, believes that “increasingly it is being taken more seriously”.
“If we are looking to acquire a company, we want our IT guys to make sure their systems are safe and secure,” he said.
“But if you haven’t got that focus at board level on cyber security, you’re just storing up potential problems for yourself down the line.”