CEO training is critical to cyber resilience, says APMG
Certification body advises that training and development must reach the top of the chain to stay ahead of digital threats
CEOs’ and senior executives’ reluctance to incorporate regular training and job development into their roles is directly affecting organisations’ ability to manage Digital Age risks such as cyber crime, say certification firm APMG.
Richard Pharro, CEO of APMG, suggests that there is an inherent culture of providing relevant training courses for employees on the ground and middle management, while C–level positions fail to benefit from up-to-date skills development. The most recent Stanford Business School study found that nearly two thirds of CEOs and almost half of senior executives aren’t receiving any kind of executive coaching or leadership development.
In today’s ever-changing digital landscape, Pharro says, the roles and responsibilities of senior executives are also developing in tandem. He commented:
“CEOs by their nature are highly motivated and skilled individuals and most will value the training available to their employees in order to develop skills and increase the quality and range of their output. However, the value of training doesn’t stop at middle management – learning should never stop, especially in today’s digital world. CEOs staying informed on current cyber security risks has a positive impact in the boardroom and beyond.”
Pharro’s warning comes as UK Defence company, BAE Systems revealed that it suffers cyber attacks twice a week, while fending off an average of more than 100 potential state attacks a year. When it comes to crisis preparedness, a survey from Regester Larkin and Steelhenge in November found that 45 per cent of large companies do not involve the CEO in crisis exercises. Of these companies, 46 per cent blame a lack of buy-in from senior management.
Board-level inexperience of the technical procedures required to defend against and respond to breaches is widespread among CEOs, Pharro commented:
“In part due to a lack of free time and in part due to a perceived view of cyber security as tangential to their core role, CEOs often overlook cyber training. Taking into account the number of cyber attacks that have become public in the last 12 months or so, any large organisation must view a breach as inevitable.
“In order to deal with the range of threats faced by an organisation on a daily basis, its cyber security strategies must consider all possible technical or cultural factors that pose a degree of risk. With the right skills in place, an appropriate response to threats can be effectively communicated across the whole organisation in a common language. RESILIA from AXELOS introduces a framework of best practice that builds cyber resilience skills across an organisation, from the CEO down, through a range of certifications and awareness tools.”
“I strongly encourage CEOs and senior executives to consider how cyber training might fit into their roles, as it is fast becoming essential in the on-going fight against cyber crime. True resilience led by the CEO will reduce the likelihood of a breach, and help plan a fast organisational recovery if such a breach does occur in the future.”