As cyberattacks on healthcare institutions become more prevalent, it behooves the C-suite to consider increasing their knowledge and potentially crossing verticals when it comes to cybersecurity, say some experts in a recent article in The San Diego Union Tribune in relation to the Scripps Health attack in May.
“Every CEO, at this point, is now in the business of cyber security,” Lisa Easterly, chief executive of the San Diego Cyber Center of Excellence told The Tribune. “They need to be engaged and understand what the risk is on a real-time basis; the threat landscape is ever evolving and becoming more sophisticated.”
Writer Paul Sisson points to the rise of the chief information security officer’s responsibilities, despite often not being part of the executive branch in healthcare, which can lead to competition for resources and difficulty making cybersecurity needs known. This separation can result in a disconnect between the security and business needs of the organization.
“A big part of the problem is that people who have come up through this technical track need to go out and get a damn MBA,” Hamilton said. “Yes, the CEO should probably learn something about cyber, but the CISO, even more so, needs to know more about business.”
Source:
