
2021: ACTIVITY REPORT OF THE CYBER SECURITY COALITION

"Many are sitting on a cyber security time bomb - without realising it"

Assessing business risks to ensure the organisation’s continuity is one of a manager’s core responsibilities. When it comes to cyber security, however, there is often a large gap in understanding what these risks entail. "Too many people think that a one-off investment is sufficient," explains Georges Ataya, Vice-President of the Cyber Security Coalition and Academic Director for the Executive Programmes in IT Management and Information Security Management courses at Solvay Brussels School of Economics & Management.

Georges Ataya

Solvay Brussels School of Economics & Management

Every manager and executive in a company strives to create added value. In daily practice, this implies continuously evaluating business risks to avoid unexpected situations. While this basic management principle seems obvious, too often it appears not to be the case for cyber security.

Research has shown that managers frequently have little or no knowledge of cyber security, and therefore cannot make a thorough assessment of the risks. "Executives underestimate the complexity of that responsibility," says Georges Ataya.

A continuous process of improving

This lack of knowledge starts with a clear fallacy concerning security. "Companies often think that a one-off investment is sufficient to guarantee cyber security. That is obviously not the case. There is no such thing as a one-size-fits-all solution. Because threats are constantly changing, cyber security must be understood as a continuous process of monitoring and improving," states Ataya.

Ideally, a company has a safety committee made up of several specialised technical profiles and board members. "With such a set-up, committee members can clearly inform each other and build mutual trust. In reality, however, many companies don't even have a safety officer. And if they do, he or she is mostly dependent on the IT department for the necessary expertise."

In terms of reporting, as well, the approach is often off the mark. "Security reports mainly emphasise what is going well, whereas the focus should be on what is going wrong," explains Ataya. "This is crucial, because an understanding of the specific vulnerabilities within a company is just as essential as knowledge about a threat."

A crucial part of corporate governance

In other words, while the pursuit of security should be closely linked with the company’s strategy and embedded in its structure, today it is mostly limited to the operational level. As a result, many companies are clearly at risk while they are going through a digital transformation. "They are sitting on a ticking time bomb without realising it," warns Georges Ataya.

Thus, it is crucial to increase awareness about cyber risks amongst managers and executives. "Today, a mature company should be putting in place a clear governance around cyber security, and seeing it as a critical part of wider corporate governance."

To achieve this, however, a great number of people need to improve their competencies in the short term. Now, interested professionals can turn to Skillsbeam. "This brand-new digital tool enables people to weigh up their own competences against the required expertise for cyber security positions. In this way, we hope to give an extra push to all those who are considering a career switch," concludes Georges Ataya.