The Chief Operating Officer
By definition, the Chief Operating Officer (COO) is the executive who oversees the business operations of a company. Considering all of the elements within the COO’s purview – vendor management, human resources, operations development, design and production, and much more – cybersecurity literacy, especially incident response planning and execution, is paramount.
Cyber preparedness is a challenge. A successful COO should be informed about goings-on in the world of cybersecurity and stay up to date on the newest threats. He or she should consider all the possible situations that could disrupt normal business operations and be ready to confront these challenges head-on. Most of all, cyber preparedness requires a critical eye and the willingness to ask tough questions, including: “Have I prepared myself and my organization for a cyber breach event?”
Planning for the Worst
As the COO, you are responsible for your organization’s continued operations across a multitude of potential issues: economic downturn, process and technology changes, natural disasters, etc. Seasoned COOs are experts at dealing with seen and unforeseen risks as enterprise risk issues. Unfortunately, too many organizations have been slow to see cyber risk as an enterprise risk issue and have kept cybersecurity in its own risk silo. This is a dangerous mistake.
As the COO, you need to reach out to your organization’s cybersecurity leadership and ensure that cyber risk scenarios are built into your overall operations strategies, including (and especially) when things go awry. While your Chief Information Security Officer (CISO) or Chief Information Officer (CIO) may be ultimately responsible for developing Incident Response Plans for cyber issues, you need to ensure that their Incident Response Plan gets integrated into your organization’s Business Continuity Plan. When developing effective and integrated Incident Response and Business Continuity Plans, it’s important to:
- Assemble a team to ensure your plan is inclusive and involves the appropriate organizational units, including communication teams, legal, human resources, and disaster recovery.
- Designate a “quarterback” before a cyber crisis occurs. Your quarterback for a cyber incident will likely be someone different from your quarterback for other enterprise risk scenarios.
- Practice and update the plan regularly to ensure the plan works according to design.
These actions will help make your organization more cyber resilient. According to the Ponemon Institute, there are significant benefits to having an effective Business Continuity Plan in place:
Keep on Keepin’ On
The COO is responsible for the big decisions about keeping the company running and restoring its normal operations after a breach. As the CEO’s second in command, the COO has the leadership role during the crisis to keep the company running while the CEO is front and center with the Board, the media, customers, and employees.
No matter how well prepared a company may be, breaches are inevitable. As COO, you can protect your organization by understanding cyber risk as an enterprise risk, practicing your response plans, and reacting quickly when an incident occurs.
If cyber readiness isn’t at the top of your everyday to-do list, then you’ll want to join us at our Cyber Resolve seminar in NYC on May 1. Prefer private training for you and your fellow members of the C-Suite? Contact us. We’ll bring the education to you.