An approach that focuses exclusively on IT is simply not enough. You need a corporate strategy for that. After all, your customers and your reputation are under threat.

An approach that focuses exclusively on IT is simply not enough. You need a corporate strategy for . After all, your customers and your reputation are under threat.
Not enough companies are sufficiently aware of the risks of hacking, or know how to prevent it to the greatest extent possible. A study conducted by KPMG revealed that 80% of the respondents’ systems were infected with malware and 60% even with Crime ware.  
According to Professor Öykü Isik (Vlerick Business School), most organizations look at cyber security only from an IT perspective which is not the right approach .Today when organizations are digitizing their business process, customer services, Security of those processes and services needs to be included from the design phase.  This is only possible when cyber security becomes a top management discussion. Now Companies have started applying the concept ‘privacy by design’ to bring cyber in their business strategy. ‘Privacy by design’ is a concept developed in the 90s and now is making a comeback with new regulation. It means that you need to embed privacy into the design of your processes and products. You shouldn’t see it as a patchwork after you have designed your processes and product. The same mentality applies to cyber security as well. 
 
Cyber Security is very relevant for companies going through transformations, specifically digital transformation, because digital transformation is all about ecosystem building, collaboration and data sharing. Traditional definition of cyber security means that you protect the parameter, protect the network and applications in the organization, but in an ecosystem environment you may not know where your data is. Therefore the new focus on cyber security should shift from securing the network to securing the vital data within the organization. 
 
Companies can use their cyber security strategy to their advantage, especially as a branding tool. Today customers are drawn towards organization which does ethical and clean business. Being respectful for consumer privacy and having a good cyber security system in place are conscious choice for organization that will show themselves as trustable companies to consumers today.   
 
Killing for your reputation 
 
IT should become a business partner in the digital transformation and therefore included in every corporate strategy, rather than a part of the problem or an expense. Professor Isik recommends that cyber security be considered and treated from a strategic viewpoint: “These days, a strong reputation is more important than ever in the corporate world. However, once you have been hacked, your reputation will plummet. Cyber-attacks cost companies more in terms of reputational than IT damage. A serious incident will easily cost as much as 5 million euros. And, on top of the direct costs, there is also the theft of intellectual property, reputational damage, commercial damage and possible lawsuits to be considered.” 
  
Besides the negative effects on reputation and costs this also draws attention to the hidden costs involved in a data leak. The infection can be so serious that you may need to install and configure a new server. There is a big chance you will need to engage an external response team to figure out what happened, what the consequences are and how the damage can be recovered. Damaged or unstable software will also need to be replaced. Organizations often do not have the resources for this. A data leak can even have an impact on the financial health of a company. A well-balanced approach combining prevention, detection and response offers the best protection. 
 
Companies are still strongly inclined to treat cyber security as exclusively an internal phenomenon. Your first priority, however, should be your customers and protecting their interests. Those companies that instil the greatest confidence also enjoy the best reputation. Millennials set great store by the ethical aspects of a company. A company must be able to demonstrate its reliability and treat everyone with respect. Young adults will notice whether or not you remain on top with regard to security issues.”  
  
Include it in every design 

It is recommended that you include your strategy for cyber security in your innovation policy. Draw up a Cyber Response Plan that works preventively, and in which you pursue a policy of ‘privacy by design’ or ‘privacy by default’. This means that you take privacy protection measures into consideration in the development stage of your information systems. Designers start by making an analysis of the vulnerabilities identified by CIOs. This strategy will subsequently be based on this. Privacy by design incorporates all possible security into the initial information system design. 
Ecosystems and networks 
“You should not leave cyber security to IT specialists alone. You have to train everyone at your company in secure practices. According to a study in Forbes magazine, Cyber security should be longer considered as solitary departments that must be screened off. The current focus must be protecting ecosystems and networks for which the support of management boards is crucial. They should make a concerted effort to implement a policy aimed at prevention and develop an efficient strategy for coping with incidents. “After all, in the words of former FBI Belgium chief Robert Mueller: ‘In the end, there are only two sorts of companies; those that were hacked and those that will be hacked’.” 
Source: http://www.vlerick.com/en/about-vlerick/news/cyber-attacks-cost-companies-more-in-terms-of-reputational-than-it-damage 
 
XED Choices for Programs on Cybersecurity for Executives 
Carnegie Mellon University – Cybersecurity Leadership 
Tuck Executive Education - Cybersecurity: Risks, Mitigation And Collaboration 
FIU Business School - Cybersecurity Leadership & Strategy Certificate Program