Calculating your Cyber Quotient
The word "quotient" has two basic meanings: Yes, it's the result you obtain when you divide one quantity by another; but it also refers to an amount of something a given entity has, such as "intelligence quotient" or IQ.
At Pcubed we've coined the term "cyber quotient" to describe how smart companies are about cyber security. To derive your cyber quotient, you calculate the cyber investments made across four areas: allocation of budget, management of risks, education of people and compliance with laws and regulations.
The process of calculating and then improving on your organization's cyber quotient will position it to be braced for the moment when (or if) a security hack occurs. In our experience, companies with a higher cyber quotient weather data breaches involving the exposure of personal information of staff, customers or clients much better and with fewer business consequences.
The Pcubed cyber quotient encompasses four distinctive areas:
Operational excellence;
Compliance;
Leadership; and
Technology
Operational excellence
Typically, this is the most neglected area and requires the most attention. This topic deals with how employees -- management and staff – operate: their attitudes, awareness and practical conduct when working in the organization. As you already know, people can be either malicious or naïve, particularly in dealing with customer or proprietary data.
Compliance
Each industry is subject to its own laws, rules and regulations. Compliance is essential to operate a profitable business, and the consequences of not being compliant tend to be unthinkable -- which means most people don't like to think about them. The more proactive stance is to examine internal processes as well as the external ones, such as those involving the supply chain, in order to turn a spotlight on risks and practices that could leave the operation exposed. The imminent General Data Protection Regulation (GDPR), is particularly important here, as it recommends a penalty of five percent of a company's global turnover for non-compliance. Every region of the world has its own regulations, so we find it well worth addressing risk sooner than later.
Leadership
Now that cyber security has reached the board level, executives can no longer delegate the accountability of security. Leaders need to understand the basics of the data it possesses and the cyber risks the company faces as a result. The executive team needs to reach informed consensus on the company's level of risk tolerance and pay attention to its own behaviour and conduct. Creating an environment of trust, openness and transparency especially between executives and the IT organization is essential.
Technology
Having modern and current technology is critical as is a solid understanding of the corporate network and potential points of failure. We don't advise skimping in this area, but we do advise strategic investments. Often IT becomes a black hole into which money is thrown in the hopes of addressing vague symptoms. Better to approach the job thoughtfully and with specific purposes in mind.
Measuring Your Cyber Quotient and Putting It to Work
Pcubed has worked with dozens of companies to measure their cyber quotient. This short engagement assesses the organisation's capabilities along the four dimensions shared above. The result is a customized roadmap for achieving resilience and carefully balancing the risk and investment trade-offs. The Pcubed assessment addresses legal requirements and technology capabilities, coaches leaders and helps make people aware of best practices.
The cyber quotient journey is challenging for most companies. Your organization is in business to follow its mission, not to become an expert at cyber security. But with a bit of Pcubed advising, you'll end up with a prioritised list of initiatives to pursue, and that will go a long way to achieving operational excellence.
The idea of blindly throwing money at technology to solve a cyber problem is not the answer. Nor is waiting for your next data breach to occur.
