If cybersecurity wasn’t top of mind for businesses before COVID-19, it’s now prioritized in a remote-first world that’s digitizing at full speed. The pandemic caused a 600% increase in cybercrime, a skyward trend that has already cost an unprecedented $7 trillion in damages globally during the first half of 2022. Cybercrime isn’t expected to subside anytime soon, so for businesses setting up for success in 2023 and beyond, now is the most relevant time to broaden considerations about cybersecurity.
There’s a tendency, for instance, to think of cyberattacks as coming from the dark web, nation-states and organized hacking syndicates. And while each of these entities certainly spawns cyber threats, there’s another breeding ground that often goes overlooked: business silos.
Business silos provide the ideal environment for cyberattacks to thrive. That’s because, by their very nature, silos promote isolated thinking and prevent the free flow of information. When the walls go up in an organization, it’s easy for bad actors to take advantage within the resulting blind spots. Exploiting gaps in knowledge and understanding, they can launch damaging attacks that could have been easily prevented with better communication and collaboration.
Now more than ever, with spiking cybercrime and enterprise-wide breaches stemming from something as simple as a delayed update or a single wrong click, it’s up to business leaders to make “silo-busting” an organizational imperative. Breaking down these barriers will be a key advantage to quickly remediating vulnerabilities and staying ahead of cybercriminals who are only getting better at finding the gaps.
Importantly, most cyberattacks can be traced back to some sort of human error. According to a 2022 Verizon report, 82% of all data breaches included a human element. And as one of the most common causes of human error, communication breakdown between departments is also a sure silo manufacturer. So, in the interest of dismantling existing silos, and preventing future ones from establishing, leaders should consider three steps.
First, promote a security-first culture. Ensure that everyone in the organization understands the importance of security and knows how to spot potential threats. This can be accomplished through training and awareness programs that engage all employees, from the C-suite to the front line.
Next, encourage interdepartmental collaboration. Internal communication can be improved by creating forums or working groups where departments can share information about potential threats. It’s also important to motivate employees to speak up if they see something that doesn’t seem right.
Lastly, foster a sense of ownership over security, which means understanding how individual actions can impact the organization as a whole. If an average breach costs $4.35 million, how much money can a company lose before it’s forced to close its doors? The answer affects every employee. And while downtimes vary, 75% of small and mid-sized businesses recently surveyed said they’d survive just three to seven days after a successful ransomware attack.
To implement these steps, it’s up to business leaders to take the reins. As they plan ways to meet goals and manage risk, cybersecurity needs to be an integral part of the conversation.
Other practical suggestions include establishing cross-functional cybersecurity teams, setting up regular cybersecurity briefings for all employees and encouraging open communication about cybersecurity threats and vulnerabilities. Continuously applied, these actions empower individuals to regard the business with a more holistic mindset. Resulting benefits typically extend beyond security posture into smoother operations and better business outcomes.
Silo-busting ultimately helps organizations improve their odds against rising cybercrime. But it also presents a great opportunity to start shifting the conversation and link cybersecurity to the rest of the business. After all, in the post-pandemic, work-from-home reality, security should be everyone’s concern. By opening the discussion, leaders can multiply their cybercrime-fighting powers — not only ensuring that everyone understands the importance of security, but also has a stake in improving it.