A Breach of Digital Trust

After another high-profile data hack, organizations are turning to a new reality: Just deal with it.




It’s a business leader’s worst nightmare; hackers stealing the private financial information of customers. Even worse, breaches like the one at Equifax erode a previous commodity already in short supply: digital trust.

But digital experts say smart organizations are accepting—and dealing with—a new reality. In this new order, companies try to prevent but also know that huge breaches--last week's affected the data on 143 million people--will happen and that firms will have a recovery plan.

“This is the wakeup call for organizations, large or small and across all sectors, that the conversation isn’t ‘if we get hit’ but ‘when we get hit,’” said Aileen Alexander, senior client partner and co-leader of Korn Ferry’s Cybersecurity practice.

In this context, the right talent has become just as important as the right cyber wall. While many firms are scrambling to assess their technical capabilities to build—or rebuild—digital trust, experts say that too few examine the talent component—whether they have the expertise and leadership needed to implement and manage an enterprise-wide cybersecurity strategy. “It comes down to having the right people and leadership, the right response, and the right technology,” said Jamey Cummings, the other Co-Leader of Korn Ferry’s Cybersecurity practice.

Cybersecurity leaders, including senior-level chief information security officers, are scarce and in high demand. That’s why cybersecurity needs to be driven from the top—starting with C-suite leaders and the board members—who must ensure that the right amount of resources are allocated, says Kevin Anderson, a member of Korn Ferry’s Global Technology and Digital practices. “Security is really another type of insurance. Leaders need to assess how many resources they want to apply to manage these risks.”

Managing cyber risks means acknowledging that there is no such thing as being 100 percent secure. Day-to-day business practices—for example, using cloud computing services, offering apps that consumers use on their smartphones, or having interconnected devices that are part of the “internet of things”—are potential vulnerabilities that could be exploited by criminals.

While firewalls and security protocols help, the potential risks and the ability to mitigate them must be weighed against the need to operate in a digital world.