When the pandemic shut down our lives, our virtual worlds booted up. The ways we work, learn, shop, and socialize are forever changed, and in some cases, people don’t want to go back—literally. But tradeoffs abound: moving life online puts IT executives and their teams into overdrive at a time when IT employees are hard to find and keep. Add in the fact that four out of five organizations report an uptick in cyberthreats since the coronavirus hit, and we’ve reached a boiling-point need for cybersecurity solutions. CFOs know their sore spots: technology concerns find a place on many, if not most, surveys that take the pulse of what financial leaders worry about most.
The Cost of Cybercrime
It's a fear grounded in common sense—and cents. At the end of 2021, experts predicted the total loss from cybercrime that year would top $6 trillion, with a 15% increase expected per year between now and 2025. Seventy-nine percent of global organizations experienced downtime due to a cyberthreat during a peak season. These threats and their costs are intensified by global events, including Russia’s attack on Ukraine.
Cyberattacks are not limited to high-profile organizations and public companies, and no industry is immune. In a recent State of Nonprofit Cybersecurity report, 59% of not-for-profit organizations reported having no cybersecurity training for staff. What’s more: 50% of non-governmental organizations (NGOs) have been the target of a cyberattack.
The Talent Crunch Meets IT
Inflation and the talent crunch make for the perfect storm when it comes to addressing cybersecurity. Many not-for-profit organizations lack the funding and resources to tackle these issues as thoroughly as they would like. That gap makes for existing structures and policies that can miss rapidly developing changes in the world of cybercrime.
Many experts turn to common tools for cybersecurity: conducting risk assessments, educating employees, developing response plans and policies, securing data, and considering cybersecurity insurance. These are sound practices that every organization should have as a baseline, in addition to thinking about and addressing the specific cybersecurity challenges not-for-profit organizations face.
Cybersecurity & the CISO
A new kid on the cybersecurity block is the Chief Information Security Officer (CISO). Having a CISO at the table has become more possible now that the table is often virtual. A CISO can be an internal position or an external, fractional partner who supports existing leaders and teams. That means top-notch talent can give a second look to a company’s technology needs and help advocate those needs to leadership. CISOs aren’t just cyber experts; they’re also experienced relationship builders. With a seat on the C-suite, a good CISO can, for example, help liaise between IT and leadership to rationalize and secure the resources needed to protect a company from cyber threats.
The advantage of CISOs is their ability to partner with existing IT executives and teams while also providing an objective, external perspective, just as a financial auditor supports the work of internal accounting teams and CFOs. For those who work day in and day out with existing systems, it can be hard to see blind spots. Having an external advocate can help bolster internal recommendations or troubleshoot problem areas.
The shift to remote work comes with opportunities and challenges. The CISO represents a unique chance to meet increased cyberthreats and cybercrime ushered in by the ways we now live, work, and play online—and, at least for now, that change is here to stay.
If you have comments, questions, or concerns about how to apply cybersecurity best practices to your not-for-profit organization, please contact us.