It happens far too often. I’m on a call with one of our resellers and a prospective client discussing their cybersecurity, but the IT staff are the only ones attending the call.
Why is this a problem?
The IT team does not have all of the information to make business risk decisions. They may know where data is stored and what kind of firewall is in place to prevent outside access to it, but do they know about sensitive data on financials, human resource matters, trade secrets, or customer lists that, if exposed, could cause embarrassment or economic loss?
The IT team may have filled out the questionnaire that helped you get commercial cyber insurance coverage, but have they been given access to the actual policy wording, so they can help you understand that you may not be able to collect on it due to “lack of reasonable protection” or “failure to meet data protection requirements”?
The IT team may have been told that money is tight this year, so they won’t even come to you about an investment of less than $50,000/year that could potentially save you from a multi-million-dollar cyber incident. Should they be the ones to make this decision?
Join the calls to discuss your cyber needs. Gain an understanding of the requirements around data protection and what may be at stake, and then make informed decisions about appropriate budget and risk tolerance.