Carlson Executive Education Blog

Three Myths CEOs & Executives Believe About Cybersecurity

Posted by Soumya Sen on Mar 6, 2019 8:00:00 AM

Cybersecurity breaches will result in over 146 billion records being stolen by 2023, according to Juniper Research. The impact these breaches have on the victim companies is dramatic and leaves other business leaders wondering what they can do or hoping that their organization is protected.

The reality is, no leader can afford to passively hope the problem takes care of itself. If you want to take your head out of the sand around cybercrime and cybersecurity, the first step to defending your company value is to stop believe these common cybersecurity myths.


Myth #1: "It's Not My Job."

This is the big one. You have enough to do, and it can feel like the this is firmly on IT's plate. But like it or not, the best way to keep your company protected is to have everyone on the same page and in the know. IT can't implement the best solutions without knowing the priorities of the business, especially as organizations adopt new technologies like cloud, IoT, and blockchains. Whether it's your role to set those priorities or align your team around the strategy, you cannot sit passively as IT makes choices independent of the needs of other arms of the organization. Basically, you want to know what everyone is talking about so you can ask the right questions and make sure your company’s cybersecurity vision is implemented across your organization.


Watch Soumya Sen discuss what business leaders need to know about cybersecurity in this 20 minute informational webinar.


Myth #2: “Cybersecurity Is Too Complicated."

There are thousands of different threats out there. To a layperson, the “known unknowns” can feel overwhelming. You cannot defend against every single threat—it’s impossible. Some may find cold comfort in that fact, but really what you need to know is what is most likely to impact your company. Mobilize your defenses around those risks using a risk-management framework. This links back up with #1- setting direction for your company. There are so many threats, IT needs your input on priorities so they can focus on what is most important to the business.

As for the threats less likely to impact your business, staying knowledgeable about the cybercrime landscape or using  a managed security service provider will ensure you're ready to mitigate those risks if they do come to pass.


"If a business isn't appealing to cyber criminals, it's a business that isn't making any money." - Alok Gupta, Professor, Cybersecurity Leadership for Non-Technical Executives


Myth #3: “We Don’t Have the Resources for a Strong Cybersecurity Strategy."

"Seventy-five percent of successful breaches come from employees compromising the system behind all the protections put in place." (Forbes, 2017).

A successful cybersecurity team is an organization that values cybersecurity at all levels and is aligned on preventing threats. Cybersecurity is a cross-functional job, amongst leaders and amongst implementers. While each company will have a unique, individualized cybersecurity plan, they will have one thing in common: a culture that values cybersecurity.

Creating that culture is one of the strongest first steps to preventing and mitigating cybercrime risks. Stop believing these myths so you can work more effectively with your IT team and protect your company.

If you want to learn the language of risk assessment and defense, understand the future of data protection, and build your defense strategy, join us for Cybersecurity for Non-Technical Executives, April 15-17 at the Carlson School of Management. Learn more and register here.

New call-to-action

Topics: Cybersecurity, CEO, Common Misconceptions