Cybersecurity starts at the top: Why management must lead the digital defense

By Olurotimi Oladipo

From ransomware attacks to sophisticated phishing campaigns, cyber threats are evolving at an alarming rate. Despite these risks, many organizations still treat cybersecurity as a purely technical issue, delegating it to IT teams without broader strategic oversight. This approach is no longer viable. Today’s digital threats require leadership from the top, with management taking accountability for embedding cybersecurity into the organization’s core strategy.

Why Cybersecurity Is a Leadership Issue
The regulatory landscape has grown increasingly stringent, emphasizing the accountability of senior management. For example:

GDPR (General Data Protection Regulation) mandates that organizations implement “appropriate technical and organizational measures” to secure personal data, holding senior leadership accountable for data breaches.

SOX (Sarbanes-Oxley Act) requires companies to safeguard the accuracy and security of financial information, which includes controls against cyber threats that could compromise reporting.

ISO/IEC 27001, the global standard for information security management, explicitly requires top management to establish, monitor, and continually improve a robust security framework.

Failing to comply with such regulations exposes organizations to heavy fines, legal challenges, and reputational damage. For example, under GDPR, non-compliance can result in fines of up to €20 million or 4% of annual global turnover, whichever is higher.

In addition to compliance, the reputational and operational impacts of cyberattacks—such as the 2023 MOVEit data breach—highlight the critical role management must play in preparing for and responding to cyber threats.

How Management Can Drive Cybersecurity
1. Make Cybersecurity a Strategic Priority
Cybersecurity must be treated as an essential business objective. Management should ensure it is a regular agenda item during board meetings, with key performance indicators (KPIs) to track progress. For example, the NIST Cybersecurity Framework can guide organizations in aligning security strategies with operational goals.

2. Build and Empower a Skilled Cybersecurity Team
The UK Cybersecurity Strategy 2022-2030 emphasizes the importance of building cyber talent and leadership. Management should prioritize hiring professionals such as Chief Information Security Officers (CISOs) to provide expertise and ensure cybersecurity becomes a leadership priority. Additionally, continuous employee training is crucial to reduce vulnerabilities caused by human error, which accounts for over 80% of breaches, according to Verizon’s Data Breach Investigations Report.

3. Conduct Regular Risk Assessments
Under frameworks like PCI DSS (Payment Card Industry Data Security Standard) and FCA’s SYSC 3.2.6R, organizations must regularly identify and address risks to protect sensitive data. Management should champion risk assessments that identify vulnerabilities in systems, supply chains, and employee behavior.

4. Develop and Test Incident Response Plans
Regulations such as GDPR Article 33 mandate the prompt notification of breaches to authorities within 72 hours. Management must not only develop a robust incident response plan but also conduct simulations (e.g., cyberattack drills) to ensure the organization can respond effectively under pressure.

A Call to Action for Management
The role of senior management in cybersecurity is pivotal. They must not only ensure regulatory compliance but also foster a culture of security across the organization. By setting the tone, allocating resources, and holding teams accountable, management can create a resilient organization capable of adapting to ever-changing cyber risks.

In today’s hyperconnected world, cybersecurity is more than just a technical challenge—it’s a leadership imperative. Organizations that align their strategies with regulatory standards and adopt a proactive approach will not only safeguard their assets but also build trust with stakeholders.

Olurotimi Oladipo is a financial crime and cybersecurity expert passionate about helping organizations stay secure and compliant.
