What is the best way to help small and medium-sized companies manage their cyber risk?
Last week, CEOs and senior leaders of global companies, across sectors, gathered to discuss this question at the inaugural meeting of the Cyber Readiness Institute (CRI) in New York City.
Senior executives from 12 companies representing four countries and a variety of industries – including financial services, manufacturing, transportation, and technology – shared diverse perspectives about strengthening cyber resilience and improving cyber risk management in their value chains.
The Institute presented its initial research on the cyber risk management needs of small and medium-sized businesses (SMBs). Insights were based on two Global Dialogues, which convened global groups of SMBs to discuss their cybersecurity practices and concerns, as well as on the experience and expertise of the Institute’s leadership team. Key findings include:
- People are the weakest link; education/training is insufficient
- High dependence on vendors for security
- High cost of cybersecurity solutions, including penetration testing
- Challenges with identity access, phishing, and patching
- Difficulty keeping up with customer and regulatory requirements
- Insufficient threat awareness and preparedness
CEOs and leaders provided feedback on CRI’s initial workplan and framework for tool and content development. Participants suggested a number of approaches and tools that would offer practical, easy-to-implement ways to manage cyber risk.
General Keith Alexander (Ret.), Former Director, National Security Agency and Commander, U.S. Cyber Command, gave remarks over lunch. He pointed to the importance of this project in advancing the cybersecurity of the private sector and enabling the private sector both to improve protections and to be a better partner with the government. He explained that government and industry must collaborate to improve the cybersecurity of our nation, with a particular focus on critical infrastructure.
The meeting concluded with a discussion of the next steps for the Cyber Readiness Institute, including the announcement of the next meeting on November 16, 2017. This virtual meeting will bring together an international group of subject matter experts from CRI member companies and SMB representatives from their global value chains. Bringing these two groups together will ensure that the SMB perspective is represented in the development of tools and content to help them become more cyber ready.