Sales: (877) 516-0218
General: (678) 695-5500

Why Cybersecurity Culture Is a Leadership Responsibility

Cybersecurity Culture


1Path hosted a fireside chat between Brian Shield, CIO for the Boston Red Sox, and Eric Rosenbach, co-director of Harvard Kennedy School’s Belfar Center for Science and International Affairs and former Assistant Secretary of Defense for global security last week. The discussion centered around cybersecurity as a holistic approach to defending organizations against threat actors and information attacks.

The two speakers shared their experiences as leaders of their respective organizations, including their thoughts on the looming cultural shift needed to ensure our nation’s cybersecurity posture. Rosenbach points out that nation states will continue to lead bad actors as an asymmetric weapon against the United States. Many countries, unable to compete with the traditional military power of the U.S. and NATO, use hacking and other cyber weapons to level the playing field or get around sanctions. However, ransomware, like the latest LockerGoga attack, will continue to barrage our infrastructure as private industry sits firmly on the front line.

For organizations, taking responsibility for your own defense starts with admitting that cybersecurity is not simply an IT problem—it’s a leadership problem.

CEOs, boards, and those who lead in an organization must rise up to the occasion and take responsibility for their own cybersecurity response.  Awareness involves instilling a culture of security across an entire organization, and culture is set by the tone of the leaders. Having a good cybersecurity posture must come from the top and perpetuate down an organization.

In fact, there are many things leaders can do to change their cybersecurity posture. Think of your propriety data is your organization’s gold, and it’s your job to protect it. Not only are incident response plans critical to surviving cybersecurity attacks, but you must practice your response plans regularly and update them. It’s not about how many employees you have, it’s about understanding your risk profile. It’s about knowing your business.

It’s impossible to avoid all attacks, and you never want to be caught looking in the rear-view mirror. Knowing your response plan and practicing it makes your organization more agile and gives you options when an attack occurs.

Looking for ways to improve your cybersecurity posture?

  • Own it. Take responsiblity for your own cybersecurity posture.
  • Befriend your local FBI Cyber Agent or consider joining the FBI InfraGard, which is a public-private partnership to share early information about cyberthreats.
  • Focus on how to educate your diverse workforce effectively.
  • Align your business continuity plan with your incident response plan. Evaluate whether you need to back up 30 days or 7 minutes.
  • Use two-factor authentication.

Rosenbach maintains that educating workers on cybersecurity best practices is essential to our national security and part of our duty to our country. Leaders must address this very real threat by working towards a cultural shift in how we think and invest in cybersecurity.

Curious about your cybersecurity posture? Take our cybersecurity self-assessment now.




Join 30K Business & IT Professionals by signing up for our email list to receive updates on IT and Cybersecurity directly in your inbox.