5 Questions All Leaders Should Ask To Assess Cybersecurity Risk

The Cost of a Data Breach

A study conducted by IBM last year, The 2020 Cost of a Data Breach Report, put a price tag on data breaches. According to the study, the average cost of a data breach is $3.86 million. Also, 80 percent of data breaches resulted in the exposure of customers’ personally identifiable information, which is the most expensive type of breach to remedy.

Stolen or compromised employee credentials and cloud misconfigurations are the most common causes of data breaches, together accounting for 40 percent of breaches. Misconfigured cloud networks increased data breach costs by half a million dollars, according to the study.

Cybersecurity Starts at the Top

Statistics like these make it clear that cybersecurity should be an important part of every organization’s operating plan. Ensuring a well-protected network starts at the top.

Here are five key questions leadership should ask to assess cybersecurity risk:

Question #1: Is your executive leadership informed about cyber risks that threaten the company?

Cybersecurity is about managing risk. A breach can have dire consequences. This makes managing cybersecurity risk a critical part of an organization’s governance, risk management and business continuity framework. Early response actions can limit or even prevent possible damage. Accordingly, timely reporting to leadership should be built into the strategic framework for managing the enterprise. The CEO, CIO, business leaders, continuity planners, system operators, general counsel and public affairs should be part of the chain of communications.

Question #2: What is our exposure to cyber risk, the potential impact of a breach and our plan for addressing both?

Identifying critical assets and the associated impacts from cyber threats is essential to understanding your specific risk exposure. These will most likely be a combination of financial, competitive, reputational and/or regulatory risks. Risk assessment results are key to identifying and prioritizing specific protective measures, allocating resources, informing long-term investments and developing policies and strategies to manage cyber risks at an acceptable level.

Question #3: How does our cybersecurity program apply industry standards and best practices?

A comprehensive cybersecurity program leverages industry standards and best practices to protect systems, detect potential problems and enable timely response and recovery. Compliance requirements help to establish a good cybersecurity baseline to address known vulnerabilities. However, they do not adequately address new and dynamic threats or sophisticated adversaries. Using a risk-based approach to apply cybersecurity standards and practices allows for more comprehensive and cost-effective management of cyber risks than compliance activities alone.

Question #4: How many cyber incidents is normal for us? At what point should executive leadership be informed?

Executive engagement in defining the risk strategy and levels of acceptable cyber risk enables close alignment with the business needs of the organization. Regular communication between leaders and those held accountable for managing cyber risks provides awareness of current threats, security gaps and associated business impact. Analyzing, aggregating and integrating risk data from various sources and participating in threat information sharing with partners helps organizations identify and respond to incidents quickly, and ensures that protective efforts are commensurate with risk.

A good way to establish updated security protocols is to have your network assessed. This can show you where you stand and provide insights into a solid plan of action.

Question #5: How comprehensive is our cyber incident response plan? How often is it tested?

Even a well-defended organization will experience a cyber incident at some point. When network defenses are penetrated, the leadership group should be prepared with a Plan B. Documented cyber incident response plans that are exercised regularly help enable timely response and minimize impacts.

Devise a Cybersecurity Plan Now

When it comes to cybercrime and data breaches, it’s not a question of if, but when. Now is the time to devise a plan for how your organization will deal with a data breach when one occurs.

Meet with your key leaders and use these questions to assess cybersecurity risk. If you don’t have adequate answers, commit to doing whatever it takes to get answers before your organization is the victim of a data breach.

Succession Planning Strategies: 5 Questions to Ask Before Selling Your Business

1. What Are Your Post-Business Ownership Plans?

How much thought have you given to what you’re going to do after you sell your business? Maybe you plan to retire and take it easy for a while. If so, you should work closely with a professional wealth advisor to develop a detailed retirement financial plan to help ensure that you have sufficient resources to support your desired retirement lifestyle.

Or maybe you want to start another company after you sell your existing business. In this case, you’ll want to make sure that the proceeds from the sale of your business are sufficient to launch your new venture.

2. To Whom Will You Sell The Business?

Business buyers usually fall into one of two broad categories: internal buyers or external buyers. An internal buyer may be your existing employees or management team. In this case, the business sale could be conducted via an employee stock ownership plan (ESOP) or management buyout (MBO). Or it could be family members if yours is a family-run business.

There are two main types of external buyers: financial buyers and strategic buyers. Financial buyers, such as private equity groups, look for companies with high growth potential. This way, in the future, they can sell your company at a profit to reap a return on their investment. Strategic buyers, meanwhile, seek businesses whose products or services complement their own, such as a competitor. This kind of merger can help the buyer gain market share by acquiring your customer base and consolidating operations.

3. How Can You Add Value To The Business Before Putting It On The Market?

The best way to boost the eventual sale price of your business is to focus on key business value drivers today. These are things you can do now to make your business more valuable in the eyes of buyers while reducing potential risks.

For example, are your corporate records, contracts and other legal documents all current and in good standing? Are your financial statements accurate and current and is your technology up to date? Have you developed a seasoned and experienced management team that’s prepared, and financially incentivized, to help ensure a smooth transition to new ownership? Most importantly, is there a realistic business growth plan in place that will enable buyers to realize positive ROI on their investment?

4. How Much Is Your Business Worth?

This is the proverbial $64,000 question. Many owners think they have a good idea of what their business is worth based on their gut instinct. But this value often isn’t realistic. Most owners have an emotional connection to their business and tend to over-value the sweat equity they’ve put into building it.

Buyers will look at your business from a purely numerical and analytical perspective. The main thing they’re looking at is the quality of business earnings and how repeatable these earnings are in the future. It might make sense to engage a valuation professional to conduct a quality of earnings study to estimate the future cash flow potential of the business and come up with at least a rough business valuation.

5. Who Will Form Your Business Advisory Team?

Selling a business is a lengthy and complex process that requires high-level expertise. You should begin forming a business advisory team that includes the following:

  • An investment banking firm to market your business.
  • A valuation professional to help you gauge business value and determine the selling price.
  • An experienced M&A attorney.
  • A tax advisor who specializes in the sale of closely held businesses.

Even if you’re not planning to sell anytime soon, it’s still smart to go ahead and start the succession planning for your business now. This way, you’ll be ahead of the game when you’re ready to exit the business one day down the road.