SENIOR EXECUTIVES ARE ACCOUNTABLE FOR ENTERPRISE CYBERSECURITY // Tomi Dahlberg
C
ybersecurity is currently receiving a lot of attention on global, national, organizational and individual levels for several reasons. Against this backdrop, the topic of my text is: How does cybersecurity influence the activities of an enterprise, i.e., private companies and public organizations? How should an enterprise manage and govern cybersecurity? And who is accountable for the managing of cybersecurity activities? During the past 60 years, the deployment of information technology (IT), operational technology (OT) and digital data has penetrated all enterprise activities. I will use the terms IT, OT and data respectively for short henceforth. IT dependence will only grow in the future. It is hence necessary to understand the business and risk management significance of these seemingly trivial, often heard
clichés to comprehend how cybersecurity influences enterprises. The deployment of IT has three interrelated dimensions. IT development delivers newly- designed, tested and rollout services that enable and support an enterprise’s business. IT development is, however, meaningless without integration and a close alignment with the business and its development. Firstly, changes in the business environment of the enterprise, customer and stakeholder behaviours, as well as internal needs to improve enterprise activities create the need to develop the business and IT. Typical development objectives include customer, internal process, financial, and innovation benefits. In addition, the performance of development is evaluated based on the ability to keep within the budget and follow
CYBERWATCH
FINLAND
|
5
