The Strategic Brilliance of Ignoring Cybersecurity

The notion that “just because you cannot see it does not mean it is not important” is particularly pertinent in various contexts, including corporate duty of care. There are unseen efforts and investments in various aspects of a business that are foundational to its stability, reputation and growth. Recognizing the importance of these invisible elements underscores the broader perspective necessary for responsible and sustainable leadership and management. Take the following two examples:

• Cybersecurity – In today’s digital age, the threats posed by cyberattacks are often invisible until a breach occurs. Investing in robust risk based cybersecurity measures is crucial even though the immediate benefits are not always visible. The absence of visible problems does not negate the importance of protection against potential cyber threats.
• Data Protection – Customer data privacy is a critical concern. While customers may not see the data protection measures a company has in place, they trust that their personal information is safeguarded. Breaches can lead to severe reputational damage and financial loss, demonstrating the vital importance of unseen data protection efforts.

Unfortunatly in the grand boardrooms of today’s corporate and public sector enterprises, where digital transformation is the latest buzzword and the digital economy is at last recognised as the future, there’s a brilliant trend that stands out: wilful blindness to the necessity of investing in cybersecurity. Nothing exemplifies strategic brilliance quite like ignoring the very foundation of survival in the digital age, protection from and resilience to cyber and digital attacks.

Senior leadership teams and management boards, those paragons of forward-thinking, have far more pressing matters on their agendas. Why waste time on something as mundane as cybersecurity when they could be debating the next visionary marketing campaign or choosing the perfect venue for their annual retreat and squabbling over who will get the next photo op to polish their personal online profile? After all, the digital economy is all about appearances, and nothing says “innovative” like a state-of-the-art headquarters with an organic juice bar, with C-level execs who rank high on social media right?

Digital transformation, for these savvy leaders, is a journey of selective engagement. Embracing new technologies and optimizing processes sounds fantastic at keynote speeches, but investing in cyber defence? That’s just an annoying footnote. Surely, the digital economy rewards those who boldly tread the path of minimal resistance. If we don’t acknowledge the cyber threats lurking in the shadows, they can’t possibly harm us. It’s the corporate equivalent of a child closing their eyes and proclaiming they’re invisible, emperors clothing!

Let’s talk about the economics of it all. Cybersecurity investments? Those are for companies with loose change, not the ones strategically allocating resources to real-time profit generators. Why spend millions on cybersecurity when that money could fuel an aggressive marketing campaign or fund a lucrative executive bonus, or if your in the oublic sector give it way on some green agenda that delivers zero value to the taxpayer? Immediate returns (profit or vanity project) trump potential future savings every time in this brave new world of the digital economy.

And shareholders? They’re thrilled with short-term gains. Why bother them with tales of potential data breaches when we can impress them with inflated quarterly earnings instead? When a breach inevitably occurs, a well-crafted apology and a promise to do better next time usually suffices. Besides, the cost of a PR spin is a fraction of a robust cybersecurity strategy.

In the age of digital transformation, senior leadership and executive/PLC boards have perfected the art of selective digital engagement. By sidelining cybersecurity, they demonstrate a true commitment to the immediate and the visible, ensuring their place in the annals of short-term success.

Bravo, digital pioneers, bravo … just becasue your business may not deal in life and death services does not mean someone will not get hurt, you have a duty of care. A duty of care to the responsibilities and obligations to ensure the well-being, safety and satisfaction of customers.