WHY EXECUTIVES UNDERINVEST IN CYBERSECURITY
A Behavioral Science Perspective
HackerOne + ideas42 Webinar | October 10, 2017
© 2017 ideas42 2
What is ideas42?
We use insights from the behavioral sciences to design solutions to some of the world's most persistent social problems.
WHAT WE'LL COVER TODAY
• Dive into why executives underinvest in cybersecurity
• Examine the question through the lens of behavioral science
• Point to steps security executives and professionals can take to motivate decision makers to invest more in cybersecurity
WE DID OUR RESEARCH!
60+ Expert Interviews
120+ Research Articles
A QUICK PRIMER ON BEHAVIORAL SCIENCE
FOUR BEHAVIORAL REASONS WHY EXECUTIVES UNDERINVEST IN CYBERSECURITY, AND WHAT YOU CAN DO ABOUT IT
1. Thinking about risk differently
PROBLEM: DIFFERENT WAYS OF DESCRIBING AND THINKING ABOUT RISKS
CISO: They aren't making patches for these legacy servers anymore, so we can't update the firmware, leaving us open to attack. They should be replaced as soon as possible.
CEO: What does that have to do with the price of codfish in China?
PROBLEM: DIFFERENT WAYS OF DESCRIBING AND THINKING ABOUT RISKS
CISO: Risks to security infrastructure
CEO: Risks to the organization as a whole
SOLUTION: REFRAME RISKS IN VIVID TERMS FOR EXECUTIVES
Cyber problem: Legacy servers are unpatched and need to be replaced or else risk an attack.
TRANSLATION
Org problem: Legacy servers are where the accounting system lives, and if that goes down we'll lose all our financial data.
Ok, take my $$$
2. Opposing mental models
PROBLEM: OPPOSING MENTAL MODELS
Chaos and complexity vs. a simplified mental model
A simplified mental model:
• Supports quick thinking
• Organizes and integrates new information
• Makes predictions about future changes
• Influences attention
PROBLEM: OPPOSING MENTAL MODELS
(Image slides: how a security expert thinks about cybersecurity vs. how the CEO thinks about cybersecurity)
SOLUTION: REFRAME METRICS FOR SUCCESS
MITIGATION: Success == No breaches
MANAGEMENT: Success == Finding lots of vulnerabilities and fixing them
• Focus is no longer on the system, but on the process
• In addition to detection, core competencies now also include identification and remediation
3. Overconfidence in current investments
PROBLEM: OVERCONFIDENCE IN INVESTMENTS
(Chart: "Is your cybersecurity program better than average?", responses Yes vs. No, 0 to 90 percent scale; caption "Overconfidence much?")
46% of surveyed CISOs believed that their company was investing enough, but only 7% believed that their peers were.*
* Moore, T., Dynes, S., & Chang, F. R. (2016). Identifying how firms manage cybersecurity investment. University of California, Berkeley.
PROBLEM: OVERCONFIDENCE IN INVESTMENTS
Context: standards | Context: bad feedback systems
SOLUTION: CLEAR BENCHMARKING
(Chart: "How's my cybersecurity program?", a 0% to 100% scale marking your company's score, the average score in your domain, and the top 10% in your domain)
• Baseline against similar firms
• Poll other firms about their own practices
• Poll peers about how well your own firm is doing relative to others
• Integrate others' best practices
4. Attention is on the wrong things
PROBLEM: ATTENTION IS ON THE WRONG THINGS
Unhelpful mental models | Availability bias
(Image slide: Attention)
SOLUTION: BREAK THE SYSTEM
• Pentesting and bug bounty programs
• Make key decision makers the victims of internally initiated (and safe) attacks
To summarize…
FOUR KEY TAKEAWAYS FOR INCREASING EXECUTIVE INVESTMENT IN CYBER
• Vividly connect cyber risks to organizational risks for execs
• Use process metrics as opposed to outcome metrics to "fix" executives' mental models about cyber programs
• Survey your peers to help curb overconfidence
• Break the system (with help)!
TO LEARN MORE!
Check out: Deep Thought: A Cybersecurity Story at ideas42.org/cyber
Check out: The Behavioral Economics of Why Executives Underinvest in Cybersecurity at HBR.org
THANK YOU!
ablau@ideas42.org
Q&A

Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
 
Meet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programsMeet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programs
 

Último

Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 

Último (20)

Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 

Why Executives Underinvest In Cybersecurity

  • 1. A Behavioral Science Perspective: WHY EXECUTIVES UNDERINVEST IN CYBERSECURITY. HackerOne + ideas42 Webinar | October 10, 2017
  • 2. © 2017 ideas42. What is ideas42? We use insights from the behavioral sciences to design solutions to some of the world's most persistent social problems.
  • 3. WHAT WE'LL COVER TODAY: dive into why executives underinvest in cybersecurity; examine it through the lens of behavioral science; point to steps security executives and professionals can take to motivate decision makers to invest more in cybersecurity.
  • 4. WE DID OUR RESEARCH! 60+ expert interviews, 120+ research articles.
  • 5. A QUICK PRIMER ON BEHAVIORAL SCIENCE (illustration; only the caption fragment "odd choice." survives).
  • 6. 4 behavioral reasons why executives underinvest in cybersecurity, and what you can do about it.
  • 7. 1. Thinking about risk differently
  • 8. PROBLEM: DIFFERENT WAYS OF DESCRIBING AND THINKING ABOUT RISKS. CISO: "They aren't making patches for these legacy servers anymore, so we can't update the firmware, leaving us open to attack. They should be replaced as soon as possible." CEO: "What does that have to do with the price of codfish in China?"
  • 9. PROBLEM: DIFFERENT WAYS OF DESCRIBING AND THINKING ABOUT RISKS. CISO: risks to security infrastructure. CEO: risks to the organization as a whole.
  • 10. SOLUTION: REFRAME RISKS IN VIVID TERMS FOR EXECUTIVES. Cyber problem: "Legacy servers are unpatched and need to be replaced or else risk an attack." TRANSLATION. Org problem: "Legacy servers are where the accounting system lives, and if that goes down we'll lose all our financial data."
  • 11. SOLUTION: REFRAME RISKS IN VIVID TERMS FOR EXECUTIVES (build on slide 10, same translation): once the cyber problem is stated as the org problem, the executive's response becomes "Ok, take my $$$".
  • 12. 2. Opposing mental models
  • 13. PROBLEM: OPPOSING MENTAL MODELS. Chaos and complexity → simplified mental model.
  • 14. PROBLEM: OPPOSING MENTAL MODELS. A simplified mental model supports quick thinking, organizes and integrates new information, makes predictions about future changes, and influences attention.
  • 15. PROBLEM: OPPOSING MENTAL MODELS. How a security expert thinks about cybersecurity vs. how the CEO thinks about cybersecurity (illustration).
  • 16. PROBLEM: OPPOSING MENTAL MODELS (build on slide 15, same text; illustration).
  • 17. SOLUTION: REFRAME METRICS FOR SUCCESS. MITIGATION: Success == No breaches. MANAGEMENT: Success == Finding lots of vulnerabilities and fixing them.
  • 18. SOLUTION: REFRAME METRICS FOR SUCCESS. MANAGEMENT: Success == Finding lots of vulnerabilities and fixing them. Focus is no longer on the system but on the process. In addition to detection, core competencies now also include identification and remediation.
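Slides 17 and 18 contrast the outcome metric (no breaches) with process metrics (vulnerabilities found, validated and fixed). The block below is an added example, not code from the ideas42 or HackerOne material: it computes such process metrics from a constructed list of pentest / bug bounty reports. The report fields, the per-severity remediation SLAs in `SLA_DAYS`, and the convention that the remediation clock starts at the report date are all assumptions made for this illustration.

```python
"""Process metrics for a vulnerability-management program (added example).

Instead of the single outcome metric "were we breached?", this computes the
process metrics slides 17-18 point to: how many reports came in, how many were
validated, how many were fixed, how fast, and what is still open past its SLA.
"""
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Dict, List, Optional

# Assumed remediation SLAs in days from report to fix, per severity.
# These thresholds are illustrative and are not taken from the deck.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Report:
    """One vulnerability report from a pentest or bug bounty program."""
    report_id: str
    severity: str
    reported: date
    triaged: Optional[date]   # None: not yet validated by the security team
    resolved: Optional[date]  # None: fix not yet deployed


# Constructed sample data for the example (not real reports).
SAMPLE_REPORTS: List[Report] = [
    Report("R-1", "critical", date(2017, 9, 1), date(2017, 9, 2), date(2017, 9, 5)),
    Report("R-2", "critical", date(2017, 9, 20), date(2017, 9, 21), None),
    Report("R-3", "high", date(2017, 8, 1), date(2017, 8, 3), date(2017, 8, 25)),
    Report("R-4", "high", date(2017, 8, 10), date(2017, 8, 12), date(2017, 9, 20)),
    Report("R-5", "medium", date(2017, 9, 25), date(2017, 9, 28), None),
    Report("R-6", "low", date(2017, 3, 1), None, None),
    Report("R-7", "medium", date(2017, 6, 1), date(2017, 6, 5), date(2017, 7, 15)),
]

# Date the metrics are computed for (the webinar date, chosen for the sample).
AS_OF = date(2017, 10, 10)


def age_days(report: Report, as_of: date) -> int:
    """Days from report to fix, or to `as_of` if still open.

    Assumption: the remediation clock starts at the report date, not at triage,
    so slow validation counts against the process too.
    """
    end = report.resolved if report.resolved is not None else as_of
    return (end - report.reported).days


def process_metrics(reports: List[Report], as_of: date) -> Dict[str, object]:
    """Summarize a reporting period as process metrics rather than outcomes."""
    resolved = [r for r in reports if r.resolved is not None]
    still_open = [r for r in reports if r.resolved is None]

    # Time-to-remediate, grouped by severity, for everything that was fixed.
    ttr_by_sev: Dict[str, List[int]] = {}
    for r in resolved:
        ttr_by_sev.setdefault(r.severity, []).append(age_days(r, as_of))

    fixed_in_sla = sum(1 for r in resolved if age_days(r, as_of) <= SLA_DAYS[r.severity])

    # Open items that have already blown their SLA are the ones an executive
    # should see first: they are the process failing, before any breach.
    open_past_sla = sorted(
        r.report_id for r in still_open if age_days(r, as_of) > SLA_DAYS[r.severity]
    )

    backlog: Dict[str, int] = {}
    for r in still_open:
        backlog[r.severity] = backlog.get(r.severity, 0) + 1

    return {
        "found": len(reports),
        "validated": sum(1 for r in reports if r.triaged is not None),
        "resolved": len(resolved),
        "fixed_within_sla_pct": round(100.0 * fixed_in_sla / len(resolved), 1) if resolved else 0.0,
        "median_ttr_days": {sev: median(v) for sev, v in sorted(ttr_by_sev.items())},
        "open_backlog": backlog,
        "open_past_sla": open_past_sla,
    }


def sample_metrics() -> Dict[str, object]:
    """Metrics for the constructed sample as of AS_OF."""
    return process_metrics(SAMPLE_REPORTS, AS_OF)


if __name__ == "__main__":
    for name, value in sample_metrics().items():
        print(f"{name}: {value}")
```

For the sample, 7 reports were found, 6 validated, 4 fixed, 75% of fixes landed inside SLA, and two open items (R-2 critical, R-6 low) are already past their SLA. That last line is the process-metric equivalent of the deck's "finding lots of vulnerabilities and fixing them": it shows progress and exposure on a cadence, with no breach needed to make the point.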
  • 19. 3. Overconfidence in current investments
  • 20. PROBLEM: OVERCONFIDENCE IN INVESTMENTS. (Bar chart: "Is your cybersecurity program better than average?", Yes vs. No, captioned "Overconfidence much?") 46% of surveyed CISOs believed that their company was investing enough, but only 7% believed that their peers were.* *Moore, T., Dynes, S., & Chang, F. R. (2016). Identifying how firms manage cybersecurity investment. University of California, Berkeley.
  • 21. PROBLEM: OVERCONFIDENCE IN INVESTMENTS. Context: standards. Context: bad feedback systems.
  • 22. SOLUTION: CLEAR BENCHMARKING. ("How's my cybersecurity program?": a 0% to 100% scale marking your company's score, the average score in your domain, and the top 10% in your domain.) Baseline against similar firms; poll other firms about their own practices; poll peers about how well your own firm is doing relative to others; integrate others' best practices.
  • 23. 4. Attention is on the wrong things
  • 24. PROBLEM: ATTENTION IS ON THE WRONG THINGS. Unhelpful mental models. Availability bias.
  • 25. PROBLEM: ATTENTION IS ON THE WRONG THINGS. (Illustration: attention.)
  • 26. SOLUTION: BREAK THE SYSTEM. Pentesting and bug bounty programs. Make key decision makers the victims of internally initiated (and safe) attacks.
  • 27. To summarize…
  • 28. FOUR KEY TAKEAWAYS FOR INCREASING EXECUTIVE INVESTMENT IN CYBER: vividly connect cyber risks to organizational risks for execs; use process metrics as opposed to outcome metrics to "fix" executives' mental models about cyber programs; survey your peers to help curb overconfidence; break the system (with help)!
  • 29. TO LEARN MORE! Check out Deep Thought: A Cybersecurity Story at ideas42.org/cyber, and The Behavioral Economics of Why Executives Underinvest in Cybersecurity at HBR.org.
  • 30. THANK YOU! ablau@ideas42.org
  • 31. Q&A