Columbia International Affairs Online: Policy Briefs

CIAO DATE: 02/2009

Cyber Attack: Risk Management Primer for CEOs

December 2007

Atlantic Council

Abstract

Today's businesses rely increasingly on corporate IT networks and their connection with the global Internet as the backbone of their sales, sourcing, operating, and financial systems. However, the convenience of global connectivity comes at a cost: the vulnerability of network infrastructures and systems to the malicious actions of cyber criminals and espionage agencies. Yet few CEOs or managing directors are prepared to lead their companies against these dangers. Too often CEOs and directors fail to understand the level of potential risk and liability, and cede responsibility for dealing with cyber attacks to their IT department. Instead, leaders of corporations, nongovernmental and not-for-profit organizations, and public sector agencies in the 21st century must know enough to at least ask the right questions of their chief information officer.

No business, government, nongovernmental, or other organization of whatever size is invulnerable to cyber attacks. Business owners and executives, including managing directors, cannot afford to put at risk the security and stability of their operating and financial systems, confidential information, intellectual property, and business transactions to cyber predators through lack of knowledge or initiative. Just as CEOs and directors are responsible for ensuring that their chief financial officer has managed their funds appropriately, so they must be convinced that the CIO has taken all reasonable and prudent steps to safeguard the company's digital resources. Moreover, the nature of the Internet demands that corporate officers extend these concerns to their business partners, suppliers, and vendors, by insisting that they also take precautions against electronic aggression that could put both parties at risk.