Security: Topics the C-Suite shy’s away from discussing.

I belong to a large number of C-Suite on-line groups. These groups consist of CEO’s, CFO’s, CIO’s and all the other ‘C’s’ as well as those who are interested in the conversations. That’s a lot of people, even considering duplication among groups.

There are a cluster of topics that just don’t get any play; and these issues can ultimately make or break a company. I keep trying to start conversations, but success has been fleeting. While I understand that not discussing these topics in detail (company specific plans) may make and actually does make perfect sense (proprietary information, public perceptions, etc.), but not involving one selves in a conceptual discourse; is self-defeating? That in and of itself; the failure to confer and converse; is a pre-cursor to both a short-term disaster (after the actual ‘natural’ disaster) and a long-term strategic mistake.

What are the foci failing to launch, you ask? They are all too some point inter-related, are subjects to a tremendous amount of industry and general press, and should be on the top of (or to steal from David Letterman, the ‘Top 10’) every companies to-do list.

They are:

With more and more natural disasters, terrorism and every day ‘bad luck’ events happening, how can a C-Suite not be focused in on BCP? BCP runs the gamut, from data recovery (which is really such a small part of the overall plan) to how we continue running our companies and where a disaster should hit which closes our offices/warehouses/supply lines.

Examples abound of these events happening:

Japanese Tsunami in 2011 (in America, supply line disruption)
Super storm Sandy (office & warehouse space closed for long periods of time, transportation/supply line disruptions)
Iowa Severe Storms, Tornadoes, Straight-line Winds, and Flooding in August 2014 (loss of office & warehouse space, disruption of employees)

If a company hasn’t done some pre-planning then the disaster’s impact will be magnified, because responding to the issues that a disaster causes without a clue of the who, what, where or when is far more expensive and stressful then pre-positioning yourself strategically. Planning is never perfect; it is a dynamic process that evolves; but even so, you can modify your options on the fly and not start responding to the event from scratch.

Continuity of Operations - SecurityCOOP issues happen all the time as well. Accidents or just life’s normal cycle will cause COOP events. Questions one should ask include ‘how will the business continue to run should the leadership not be around?’ From the simple event; the owner dies to the equally devastating and more complex; top executives die in a plane crash or all the executives are trapped by circumstances and unable to communicate for an extended period of time.

How does the company continue to operate? Who has authority to sign operating and payroll checks? Actually open the doors or sign-off on that deal where time is of the essence? Security

Cybersecurity is on everyone’s mind because it’s in the news almost every week. Target, LinkedIn, eHarmony, Zappos, Pacific Bell and the list goes on where cybercrime has been perpetrated.

CyberSecurityFrom stealing passwords to the purloining of actual currency; why is the C-Suite silent on this issue? In fact, if more attention and debate of ways to enhance cybersecurity was debated by the non-techies; a new or improved understanding of the negative consequences of being a willing victim of such a crime would be understood by companies large and small.

The attitude of it can’t happen to me; natural disasters, fires, accidents, terrorism, cybercrime; is akin to being an Ostrich and that is just not a tenable position to take.

So why aren’t these topics being discussed in the open, with C-Suite and others in a way that everyone can learn?

What’s your take on this laissez faire attitude?