Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Businesses Security United States

US CEOs Are More Worried About Cybersecurity Than a Possible Recession (fortune.com) 88

With markets uncertain, many onlookers might think a recession is on the way, whether that's most CFOs in the world or voters in the United States. But domestic CEOs don't find heavy economic headwinds their biggest external business worry, according to a new survey by the Conference Board. Instead, it's cybersecurity followed by new competitors. Risk of a recession is third. From a report: After high-profile data breaches experienced over the last two years by such companies as Marriott, Equifax, and Uber, that might seem understandable. But U.S. CEOs stand in stark contrast to those of the rest of the world. Cybersecurity was the sixth most pressing issue for chief executives in Europe. It was seventh in Latin America, eighth in Japan, and 10th in China. Regarding concerns over a potential recession, Europe put that in second place, while Japan, China, and Latin America all rated it number one.
This discussion has been archived. No new comments can be posted.

US CEOs Are More Worried About Cybersecurity Than a Possible Recession

Comments Filter:
  • by Ol Olsoc ( 1175323 ) on Thursday January 17, 2019 @09:16AM (#57976816)
    When CEO's weren't worried about a recession leading up to the 2007 Great recession.

    Might want to be worried about both, my bois.

    • by mjwx ( 966435 )

      When CEO's weren't worried about a recession leading up to the 2007 Great recession.

      Might want to be worried about both, my bois.

      Their arses are covered for a recession by golden handshakes/parachutes... A cyber security breach may lead them to being dismissed without their full payment.

      • by ShanghaiBill ( 739463 ) on Thursday January 17, 2019 @09:38AM (#57976920)

        Their arses are covered for a recession by golden handshakes/parachutes... A cyber security breach may lead them to being dismissed without their full payment.

        This makes sense. If a company loses money in a recession, it is not the CEO's fault. One person didn't cause the recession, and the best a company can do is have enough financial cushion to ride it out. But a breach is preventable, and the buck stops with the CEO, so they should be held accountable.

        • by emil ( 695 )

          I am still running HP-UX 10.20, along with a large pile of UNIX systems that the vendors abandoned long ago. I threw away Alpha DS10s last week, but certainly not all of them.

          I'm holding onto an Itanium for a VMS guy. And if you think VMS is old, you should see our OS2200.

          If that was going to burn, it would have been cinders long, long ago.

      • A cyber security breach would just mean they short a bunch of stock before the announcement, making them even wealthier. I have yet to see any real negative consequences for neglecting security, other than maybe paying a year's worth of Locklife in bulk as a PR measure.

        • A cyber security breach would just mean they short a bunch of stock before the announcement, making them even wealthier.

          Well there's Equifax...https://www.marketwatch.com/story/equifax-executives-sold-stock-after-data-breach-before-informing-public-2017-09-07 so you aren't wrong

      • by 1ucius ( 697592 )

        Close...imho, it's more that they won't get fired for a recession (they can't blame you if everyone is affected). They might get fired due to a cyber security breach.

      • Their arses are covered for a recession by golden handshakes/parachutes... A cyber security breach may lead them to being dismissed without their full payment.
        Yep. As per 'Capitalism run wild' they only care about themselves. If there's another recession they don't care, they've personally got money to burn, they'll be fine, and they don't give a damn about the rest of us plebians who are not part of The Rich.
    • by sycodon ( 149926 ) on Thursday January 17, 2019 @09:33AM (#57976898)

      In 2007, the crash was the result of repackaged bad mortgage debt traded like it was good debt.

      The only thing close to that now is student debt. However, I would hope that the Universities would be held accountable for that since the cost inflation and the lack of suitable employment skills falls directly in their laps.

      • You might want to look into the car loans situation.

      • by ranton ( 36917 ) on Thursday January 17, 2019 @10:01AM (#57977018)

        In 2007, the crash was the result of repackaged bad mortgage debt traded like it was good debt.

        There are many more scenarios than just a debt crisis which could cause our next recession. Inflation hasn't been a problem even with significant stimulus, but the causes of inflation tend to lag and can be hard to fight so runaway inflation is still a legitimate concern. Corporate debt is over 50% higher as a percentage of GDP today than it was in 2007, caused by incredibly cheap interest rates, which can certainly cause small dips in the economy to have much larger ripple effects. Higher inflation which is generally combated with higher interest rates would exacerbate this problem. And then there are always trade wars, which we are already seeing on a very small scale without many responsible parties in power to combat if it gets out of control.

        I'm not saying I think another great recession is likely, but there are certainly many potential causes of one on the horizon.

      • In 2007, the crash was the result of repackaged bad mortgage debt traded like it was good debt.

        That was the big cause. In addition, many of the same people who had the bad mortgages (as well as many who didn't) were drowning in debt. Multiple credit cards, most all maxxed out. multiple re-fi's based on inflated housing prices.

        I knew it was coming the day I saw my first "Buy a million dollar house with monthly payments of 250 dollars!" ad on Yahoo. That was simple math and no way around it. Human lifespan, take home pay, and mortgage amortization. So simple a caveman could figure it out. So there

      • They are still subprime loans going out. But I think the next recession will probably be due to different problems. Mostly due to closing off borders and trade.
        Current policies and actions seems to be cutting business off from a customer base (Other countries are avoiding US goods and services to avoid Tariffs, and looking for countries to partner with who have a better trade deals). This will not be a overnight thing, as it takes time to change vendors and find replacements, also early on some new local c

        • (Other countries are avoiding US goods and services to avoid Tariffs

          Hmm, other countries are avoiding US goods because the US is making noise about imposing tariffs on...imported goods?

          That doesn't make any sense at all....

          Note that the government can't really do anything to help recover from a recession. Or don't you remember the Great Depression (yeah, we stopped using that word afterwards, but a "recession" is just a depression by another name)? The only thing that pulled the world out of that one w

        • There may be a crash. When Joe Sixpack gets hit so hard and no safety net is available other than creating a GoFundMe, he will start paring down "luxury" items to the bone. Netflix will be replaced by BitTorrent, a music subscription gets replaced by a hard drive full of music files of unknown origin, and so on. The problem is that so many companies live by those monthly subscriptions, and when people go into survival mode, most of those will wind up being cancelled. For the most part, if people are loo

    • by Anonymous Coward

      In my experience working with C levels, they don't give a crap about either one.

      Scenario 1: A massive cyberattack. All their source code, info on people, user accounts with decoded passwords, credit cards, payroll, etc., now are residing in a Lower Elbonian database public to the world. The C-levels short their stock, make the announcement that everything is hosed, laugh all the way to the bank, and toast the downed company on their new yachts. Insider trading? Not prosecuted these days.

      Scenario 2: A

    • There were plenty of other times the CEO's weren't worried about recessions leading up to periods where there weren't any recessions. There's always someone predicting some misfortune or windfall. If any one of these people were actually that good and always right, they'd own the rest of the planet already since they could make better financial plays than everyone else just like a poker player who can see all of the cards.

      Also, the phrase "more worried than" doesn't imply that recessions aren't a worry,
      • There's always someone predicting some misfortune or windfall. If any one of these people were actually that good

        There you go again, talking truth to stupidity. STOP that. If you count both the hits AND the misses, how to you expect Miss Cleo to meet her numbers this month -- with psychic powers at the roulette wheel or something?

        She provides a service: comforting stupid people. When she gets it wrong the "stars were out of alignment" or something.

    • by guruevi ( 827432 )

      The public is more worried about cyber security in general. They don't want "their stuff" stolen and it brings bad press for any company. Unlike what you believe, most "big bad companies" pretty much live on the margin of life and death and a few percentages means the difference between making a small profit and either bankruptcy or hostile takeover. Most companies have to lend to make payroll every month, most companies have massive amounts of debt (including Netflix and the like).

      Recession is not a worry

    • If I were a CEO I would task the CIO/CTO to worry about Cyber Security, just make sure you have enough money set aside to help pay for their recommendations. But the CEO should be more worried about recessions. Because Recessions cut the number of customers, a cut in customers cuts profit and growth.

      • If I were a CEO I would task the CIO/CTO to worry about Cyber Security, just make sure you have enough money set aside to help pay for their recommendations. But the CEO should be more worried about recessions. Because Recessions cut the number of customers, a cut in customers cuts profit and growth.

        One of the first things that should, but probably won't happen is the cyber security depratment needs to be turned into something other than a cost center.

        Then there is another problem. While its easy to blame the minions, a tremendous number of breaches come from top levels.

        The Chief cyber officer needs to be at the same level as the Chief Security officer, have the same level of impunity as a ship's surgeon, and be protected from retaliation - ie, can go into the CEO's or CFO's office and force the

    • Comment removed based on user account deletion
  • by fat man's underwear ( 5713342 ) <tardeaulardeau@protonmail.com> on Thursday January 17, 2019 @09:26AM (#57976866)

    Even in a recession they still get their golden parachute, but a IT breach could reveal their porn browsing habits

  • by ranton ( 36917 ) on Thursday January 17, 2019 @09:32AM (#57976896)

    In a recession at least all of their competitors are feeling the pinch too. Sustaining competitive advantage is far more important than the temporary pain of a recession. A data breach and new competitors are much bigger concerns for any CEO with his/her head on straight.

  • by jeffasselin ( 566598 ) <cormacolinde@gmail. c o m> on Thursday January 17, 2019 @09:41AM (#57976932) Journal

    A recession will barely affect those at the top.

    Cybersecurity risks hitting their assets, bank accounts, and tax haven shenanigans.

  • by WindBourne ( 631190 ) on Thursday January 17, 2019 @10:08AM (#57977036) Journal
    They keep offshoring to India. Who is India's closest ally? Russia. It is one thing to bring known ppl to America, it is another to send work offshore where a gov that views us as enemies can access the software.
  • This is what happens when government punishes people for allowing the lock on their back door to get picked instead of going after the actual criminals.
    There's also a new "study" that says businesses are working about climate change "to a point". Maybe, but not in the way the radical environmentalist think. What they're really worried about is getting the sh*t kicked out of their expenses due to every increasing regulations making it impossible to stay solvent (see what I did there?).

  • From my own personal experience working at very large, IT dependent organisations, CEOs pay nothing but lip service to IT security. Shut-up then cover-up is the order of the day. Small companies, where CEOs can't hide behind layers of management and bureaucracy, and where they have to be good at their job and actually direct the company for its success, is where they really do care.
  • Economies rise and fall; recessions happen every so often, so of course one will happen sooner or later.

    Democrats really wanted one to hit last summer before the mid-terms, now they're hoping for one in late 2019 or mid-2020.

  • So if they're worried about cybersecurity, does that mean they'll actually pay more for cybersecurity? Somehow I don't see that happening.

    • Yes, cybersecurity spending has increased perhaps 1000% over the last ten years. I've been doing cybersecurity work for twenty years. The first ten years, there was no money in it, but I enjoyed it. The last few years, my experience has become very marketable.

      On Tuesday I talking to a guy at an OWASP meeting and mentioned his company has 50 employees in the cybersecurity department. They aren't a security company.

  • Of course they are more worried about a cyber attack which will look like a purple eye on their resume. While a recession will only make them out of a job, for which they have their golden parachutes ready. Of course they do not care about the rank-and-file they will leave behind without jobs and without a possibility of employment for the months or may be years to come. Is this a surprise to anyone ?
  • CEO compensation is closely tied to "shareholder value". Voicing concerns about a recession or loss of revenue is bad for "shareholder value" and CEO compensation. CEOs will never see a recession coming, at least not publicly, but I would expect many to quietly adjust their personal exposure.
  • by OneHundredAndTen ( 1523865 ) on Thursday January 17, 2019 @11:28AM (#57977486)
    In my experience, most people claim that security is a big problem. But, when the rubber meets the road, they are reluctant to invest. Why? Because the aftermath of situations caused by security breaches tends to be a lot of noise - and very little else. We keep hearing about huge security breaches in Equifax, Target, Visa, etc. I am sure that, after such breaches, heads roll in the companies affected. But such companies just keep going. A breach like the one at Equifax a few years ago should have brought the company to its knees. But, Equifax is still there, doing what it has always done. I am sure they took a beating, but it would seem that it makes financial sense for them to take that beating than having to invest in security to try and minimize the possibilities of such breaches: the most stringent security does not guarantee that such breaches will not happen. Hence the current situation: everybody pays lip service to security, claiming that it is very important. But, when the time comes to investing in security, most do not - because it is really not worth the while.
    • Absolutely correct. Which is why such matters always end up dealt with via regulations. And the fear comes from the fact they see the writing on the wall. Europe already has their GDPR. USA is next.

  • So, with a recession, there are a few things. First, recessions are beyond the control of any one company. Even in 2007, the issue was "the banks" - nobody blamed Wells Fargo or Capital One explicitly, which meant that they could play hot potato and work together to get their bailouts. A security breach doesn't have the same luxury.

    Next, while a recession is a predictable economic cycle with well-understood means of remediation, a digital breach could mean anything. Even if it was something as innocuous as

  • by Tom ( 822 )

    They are worried that their shareholders want them to talk about cybersecurity, rather than recession.

    I work in cybersecurity. It's a huge market. That consists of 40% snake-oil, 40% faking compliance to some standard, law or other requirement and 20% of actual security. I'm mostly interested in the 20% and on some days I hate myself for it because I could make so much more money selling bullshit to the gullable or assurance of on-paper compliance to managers.

    If they actually took security seriously, they w

    • I mean, as one example? I work for a company that uses a lot of freelance workers on a project basis, as needed. They're required to have company email addresses so their correspondence looks like it comes from our company. But otherwise, they're more or less on their own to work with their team of people that brought them on-board for whatever they're doing.

      When the business was smaller, the people in I.T. pretty much met/interacted with all of these freelancers, so they were familiar with the sound of the

      • by Tom ( 822 )

        Yes, that kind of thing. I fix this fuck on a daily basis and it all goes back to the same two problems: a) nobody thought about security early and b) everyone is stretched too thing and under time and budget pressures.

        Hiring two more people for your IT will do more to security than buying the latest snake-oil tech product.

  • Recessions are largely equalizers, and all companies are typically impacted, and they are part of the normal ebb and flow. So you as lean and mean an organization as you can, and handle the bumps as they come along. Surviving Recessions is about profit maximization.

    Cyber Security is not part of the normal ebb and flow. Cyber Security is about loss prevention, not profit maximization. Cyber Security doesn't create profit or mobility. Cyber Security doesn't enable users to be more productive. It is simply
  • There will be a recession; for some darned reason they keep happening every ten years or so.
  • Yes, companies are VERY worried about cybersecurity matters right now. But it's not so much because they're afraid of the bad press if they get hacked. (Like people here keep posting -- security breaches of people's credit cards and personal info have become so commonplace, it's assumed that every valid credit card number in use in America is leaked out in one collection or another of data from the hacks. You card isn't getting misused because hackers don't have it. Rather, it's just the fact that nobody ha

  • the same CEO's that pick the cheapest vendors and out source to low bidders?

  • Are they potentially held liable for a recession? No chance.
    Are they potentially held liable for a a cyber attack? Well, the writing's on the wall [corporatec...sights.com] that they could very well be held responsible if they can't show that they took reasonable steps to prevent it. The noose is getting tighter, Europe already is moving towards liability laws for data breaches and security blunders if the CEO can't show that he didn't just blatantly ignore any kind of security warnings from his infosec department (or shows his negl

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...