And What You Should Be Presenting On
Next week I’ll be speaking in Louisville, KY, at yet another lunch & learn – The question is, do people still attend these? Why should they? Well, this morning’s WSJ article, Boards Struggle With Cybersecurity, Especially in Health Care, answers the question. “Board members, [and any C-Level executive] need more education,” writes columnist Kim Nash.
Every company is facing these threats on a daily basis, yet only about 11% of the business leaders claim to really understand data risk. This data comes from a survey across 1034 directors. And while healthcare data is some of the most sought after by cybercriminals, healthcare leadership ranks as one of the least educated groups in this study! On the high-ranking side (high-tech companies), only about 31% have a thorough understanding. In other words, most industry leaders are completely unprepared to make wise decisions when it comes to mitigating risk.
Healthcare Leaders Need More Security Awareness Education
Last year I experienced this misunderstanding as a speaker at a Healthcare conference in Denver. Every security-related session I attended focused on compliance. HIPAA is important, but it has little to do with risk. I started my session by asking the audience to set compliance aside for an hour while we talk security. They seemed surprised by the idea. After my session, several commented that they had no idea what was going on. Kim Nash quotes Charles W.B. Wardell, III, president and CEO of executive recruiter Witt/Kieffer, stating, “In health care, the need for security knowledge is urgent, …Many [health-care] organizations are conducting risk assessments regarding their information security programs and preparedness and are alarmed at what they’re finding.” Having personally worked with many security providers who perform these assessments, I can confidently agree – most of them are turning up urgent issues.
Study results presented in this article showed that just about every industry, other than IT, scored 20% or less on having a high degree of knowledge. More industries reported “Some Knowledge”, but many reported “Little Knowledge”.
When Is Your Next Lunch & Learn? Fall is a Great Time. Now Is The Time To Plan It.
Should you be setting up more security-focused lunch & learns? The answer is, Yes!
However, these groups don’t need product knowledge. They don’t need to hear sales managers, channel managers, or even your local SE talking about products, services, or esoteric technology jargon. What they do need is straight talk on trends, likely threats, big mistakes being made, and why so many companies are losing the battle. They need intelligence they can use to make wise decisions regarding access to data, policy, hiring decisions, outsourcing decisions, and budget justification.
These are the kinds of things we’ll be addressing next week, and they’re the same things your clients and prospects need to hear. If you get pushback on attending, you might want to point them to Kim’s article… (Access it on the WSJ website).
© 2015, David Stelzl
PS. Check out my new Security Website – it’s a work in progress, but here it is.