To business leaders, the information technology function is increasingly being viewed less as a spend and more as an investment. IT and cybersecurity have become valuable tools for protecting and adding value to a company, and the main component to success in this area is the people.
An investment in people can be done in many ways, whether it’s hiring a business-minded chief information officer, training staff to be aware of and avoid cyberattacks, or approaching change management carefully when a new system is installed. Either way, it is necessary in order to add value to your business with IT and cybersecurity.
In the case of finding the right CIO, it’s often difficult to find leaders who have both the technical expertise and a business mindset. According to Lou Brothers, IT due diligence leader at RSM, more often companies are finding leaders with knowledge of 60-70% of the business, with their main focus to keep the costs down.
One item that has been getting a lot of buzz lately is the idea of tapping into data science as an additional source of revenue, or monetizing the data that a company brings in from their regular business. Brothers notes that while this can be a big opportunity, it’s best to keep options open as business needs may change unexpectedly. An example of this was seen with COVID-19, with many businesses needing to shift their business tactics in order to survive. According to Brothers, it is very apparent which companies were prepared to make quick changes and, which were not.
Similarly, Kevin Carpenter, cybersecurity due diligence leader at RSM, states that an investment in people is a key part in cybersecurity investment, but that many business leaders find it difficult to appreciate because it’s viewed as spending money on something that has not happened yet, or may never happen. However, not being properly prepared can put the company at risk and could lead to damaging results.
One of the most damaging forms of cybercrime right now is wire fraud, which is done by social engineering, meaning criminals trick an employee into fulfilling an unauthorized payment. It’s important to train your staff and put strict protocols in place in order to defend against social engineering scams.
At the end of the day, the success of investing in IT and cybersecurity relies heavily on an investment in the people. It’s not enough to just explain the IT function to employees, but instead make sure they understand why it’s necessary and get them excited about the changes taking place. With the right tools and protocols in place, IT and cybersecurity can add great value to a company.