CEOs share striking stories about their own cyber unpreparedness: ‘We were all into prevention and not enough into resilience’

By Geoff Colvin, Senior Editor-at-Large

Geoff Colvin is a senior editor-at-large at Fortune, covering leadership, globalization, wealth creation, the infotech revolution, and related issues.

A new report encourages CEOs to up their cyber game.

Good morning. Fortune senior editor-at-large Geoff Colvin here, filling in for Alan.

For CEOs in eternal combat against cybercriminals—that is, all CEOs—it seems a day that had to come has finally arrived. Being accountable for cyber, erecting the mightiest defenses, trusting fully in world-class experts—none of that is good enough anymore.

So says a new report from ISTARI, a global cybersecurity firm established by Temasek, the Singapore state investment company. The document, “The CEO Report on Cyber Resilience,” was prepared in collaboration with the University of Oxford’s Saïd Business School.

What strikes me most strongly is the message that CEOs, regardless of their education, must become significantly more cyber-literate, like it or not. They don’t have to go to coding school or learn to banter about post-exascale high-performance computing, but they can’t regard the cyber world as a jungle impenetrable by all except lifelong techies. As the report says, CEOs (and by implication those who report to CEOs) must “move from blind trust to informed trust.” They must understand a new language.

The authors reached their conclusions by conducting 37 interviews with anonymized CEOs of global corporations. Some of their stories are striking. “The CIO came to present at an executive meeting and asked us how many servers we thought the company had,” one CEO said. “The lowest estimate in the room was four. The highest was 250. The reality was more than 4,000. That was an incentive for all of us to understand more. We realized we spend millions each year on this technology but don’t really understand it.”

The researchers also discovered, surprisingly, that many CEOs still rely far too heavily on prevention. It’s surprising because cybersecurity experts have been telling executives for years there are just two kinds of companies: those that know they’ve been broken into and those that don’t know. A U.S. CEO told the researchers, “We were all into prevention and not enough into resilience, and that’s the mistake we made.”

A European CEO related his painfully won lesson: “I learned the clear truth that all CEOs must know: You can never stop a cyberattack, you just do your best to limit the damage. The idea that you could ever actually stop it is nonsense because sooner or later, something will get through.” Not a cheery message, but then we’re talking about dealing with criminals. This new report is a CEO-level guide to having more successes and fewer mistakes in dealing with a hard 21st-century reality.

Geoff Colvin
geoff.colvin@fortune.com

TOP NEWS

Turnaround plan

Foot Locker's new CEO Mary Dillon unveiled a turnaround plan that's intended to increase sales for the shoe retailer 9% above the $8.7 billion in revenue it reported last fiscal year. To reach that goal, Dillon, previously CEO of Ulta, is aiming to open stores away from shopping malls, promote a loyalty program, and invest in technology. Bloomberg

More salary transparency 

Employers in the U.S. are increasingly posting salary ranges for job openings, even in states where it's not legally required. Advocates say this benefits women and people of color by shifting the responsibility of determining fair compensation to the employer. The practice allows job seekers to better understand their worth and lets employers attract top talent by being more competitive with their compensation packages. The Associated Press

TikTok testimony

TikTok CEO Shou Zi Chew is set to testify before Congress on Thursday where he's likely to get a frosty reception from lawmakers who consider the super-popular app a national security risk. Ahead of his testimony, TikTok parent ByteDance published an update to its corporate structure for the first time in three years, mapping out an organization that seems to conflict with Congress's interpretation of how the company operates. 

This edition of CEO Daily was edited by Jackson Fordyce. 

This is the web version of CEO Daily, a newsletter of must-read insights from Fortune CEO Alan Murray.