Risk Management Starts with Pinpointing Vulnerabilities

March 29, 2016 – Benchmark Executive Search, based in Reston, VA, is making its mark as a sought-after recruiter for both federal market and commercial companies in search of cyber talent. Jeremy King, the firm’s founder, has worked extensively with VC/PE backed firms that serve the government, building strong ties with leaders in intelligence, defense, and national security.

Benchmark’s focus has been on helping start-ups, emerging growth and mid-cap companies find top executives with government backgrounds and strong connections in the defense and national security markets in areas like information technology, military communications, homeland security, and cyberwarfare, among others. Terrorism and cyberattacks are ratcheting up the call for hiring in these areas, he said, and the sector is thriving.

Benchmark is now directing its energy to Fortune 1000 companies, many finally awakening to how destructive security breaches of all types can be – from physical damage and real costs to reputation loss and customer recovery. Mr. King is now calling for industry to re-evaluate its approach to risk management. “Previously siloed risk-management functions must be reinvented, strengthened, and funded more aggressively,” he says. “Success will require unprecedented cooperation from board directors and those in the C-suite.”

Hardening People as Well as Networks

Mr. King advocates a stronger “culture of security,” strong executive leadership, and greater resources to manage network vulnerabilities with urgency and continual innovation. Top companies, in particular, must be vastly more vigilant about comprehensive risk management. “Fortune 1000 corporations face a clear imperative: decisively improve internal risk management assets, leadership and performance – or risk suffering at your company’s or shareholders’ peril,” says Mr. King.

In many respects, risk management starts at the top of these companies, and the key will be vigorous attention and collaboration between boards of directors and the C-suite. Of particular concern in keeping companies safe is the human element. “With an estimated $94 billion dollars to be spent on cybersecurity in the next decade, it is surprising most corporate investment in security today is directed to hardening networks rather than people,” Mr. King says. “Most organizations have not taken the time to map the vulnerability points of their employees or done a comprehensive risk management assessment.”

Predictions for 2016

Based on what he and his colleagues have gleaned from clients, advisors, and their network of security talent, Mr. King makes four predictions for 2016:

  • Public companies will increasingly empower a single leader or group to take charge of their integrated risk and security strategies;
  • Chief risk officers (CROs) will see a greater role at public companies and be regarded as peers to the COO. “With the COO having P & L, profit and loss, responsibility, the next generation CRO will have a new kind of P & L – prevention of loss,” says Mr. King;
  • Boards will increasingly follow the federal Sarbanes-Oxley Act compliance mandates, which among other things led to most public companies establishing a chair of the audit committee. “Soon we will see more public, and some private, companies implement a chair of the risk or cyber committee, or both, on their boards,” Mr. King predicts;
  • Public companies will undertake more extensive risk assessments to pinpoint where they are most vulnerable to attack. This would include facilities, communications, networks, and employees. “This new level of threat intelligence is partly due to increasing global corporate espionage and intellectual property theft,” he says.

Contributed by Stephen Sawicki, Managing Editor, Hunt Scanlon Media

Share This Article


Leave a Reply

Notify of