Cyber security training for chief executives is critical to the cyber resilience of the companies they head, according to global certification and accreditation organisation APMG.
The reluctance of CEOs and senior executives to incorporate regular training and job development into their roles is directly affecting organisations’ ability to manage digital age risks such as cyber crime, said APMG CEO Richard Pharro.
There is an inherent culture of providing relevant training courses for employees on the ground and middle management, he said, while C-level positions fail to benefit from up-to-date skills development.
The most recent Stanford Business School study found that nearly two-thirds of CEOs and almost half of senior executives are not receiving any kind of executive coaching or leadership development.
In today’s ever-changing digital landscape, Pharro said, the roles and responsibilities of senior executives are also developing in tandem.
“CEOs, by their nature, are highly motivated and skilled individuals, and most will value the training available to their employees to develop skills and increase the quality and range of their output. However, the value of training doesn’t stop at middle management – learning should never stop, especially in today’s digital world. CEOs staying informed on current cyber security risks has a positive impact in the boardroom and beyond,” he said.
A survey by business consultancy firms Regester Larkin and Steelhenge found that 45% of large companies do not involve the CEO in crisis exercises, with 46% blaming a lack of buy-in from senior management.
According to Pharro, inexperience at board level with the technical procedures required to defend against and respond to cyber breaches is widespread among CEOs.
“In part due to a lack of free time and in part due to a perceived view of cyber security as tangential to their core role, CEOs often overlook cyber training. Taking into account the number of cyber attacks that have become public in the past 12 months or so, any large organisation must view a breach as inevitable.
“To deal with the range of threats faced by an organisation on a daily basis, its cyber security strategies must consider all possible technical or cultural factors that pose a degree of risk. With the right skills in place, an appropriate response to threats can be effectively communicated across the whole organisation in a common language,” he said.
According to Pharro, best practice frameworks such as Resilia help build cyber resilience skills across an organisation, from the CEO down, through a range of certifications and awareness tools.
“I strongly encourage CEOs and senior executives to consider how cyber training might fit into their roles, as it is fast becoming essential in the ongoing fight against cyber crime.
“True resilience, led by the CEO, will reduce the likelihood of a breach, and help plan a fast organisational recovery if such a breach does occur in the future,” he said.