Why Business Leaders think about Cybersecurity the same as they do about a visit to their Dentist

Introduction

Cybersecurity professionals often see themselves as proverbial ‘knights in shining armour’. And sure, the fundamental nature of the work that a cybersecurity professional engage in is in fact to protect people and organisations from the harms of cyber-crime. There is a genuinely noble basis for our profession, and this is something that as an industry we should be proud of.

However, while we see ourselves in this way, we need to be careful in terms of our we as an industry portray ourselves to the stakeholders we want to protect.

Let me explain.

For many business leaders, dealing with cybersecurity professionals in managing cyber risk is anything but noble in nature. Many business leaders, frankly speaking, deal with cybersecurity because they have to. They have now had it drummed into them that cyber risk is a director duty; a significant business risk; a reputation risk etc. However, what IT and cyber professionals often don’t appreciate is that many business leaders have absolutely zero interest in technology. They often don’t understand how technology works. Often, technology is scary for them. Which doesn’t work particularly well when you have business leaders who pride themselves on knowledge. Simply put, they don’t care about ‘tech stacks’ and would do away with the whole thing if it didn’t impact their business operations and productivity. ?

For business leaders, dealing with cyber professionals will evoke the same feeling of apprehension as a visit to the dentist — a task that is dreaded, often postponed, often occurring when the pain in your jaw is unbearable but ultimately unavoidable.

Think about it. Both experiences are characterised by a high likelihood of discomfort, despite the almost universal understanding that neglect in either experience can (and almost certainly will) lead to far greater pain down the road. And just as failing to address dental issues can result in severe and rather painful consequences, so too can neglecting cybersecurity expose a business to substantial risks.

Let’s drill down on this discussion a bit further (pardon the pun).

The Parallels Between Dentistry and Cybersecurity

Preventive Measures are Often Overlooked

One of the key similarities between cybersecurity and dental health is the role of preventive measures. Regular check-ups and maintenance are crucial for both, yet both are frequently ignored until the inevitable happens. And just as people may skip dental appointments due to time constraints or a fear of discomfort, business leaders often delay cybersecurity investments because of perceived complexity, cost, or a misguided belief that their company is not a likely target. As a result, many business leaders may not realise that cybersecurity, like dental health, requires ongoing attention.

Success in both area is not a one-time fix but a continuous process of monitoring, updating, and improving systems to protect against evolving threats. The reluctance to invest in preventive measures can lead to significant damage, whether it's a costly data breach or (highly) painful root canal treatment.

Immediate Pain versus Long-Term Consequences

The fear of immediate discomfort—whether it’s from the dentist’s drill or the cost and disruption of implementing new cybersecurity measures—often overshadows the recognition of long-term consequences. In cybersecurity, this mindset can be particularly dangerous. A single breach can lead to financial losses, reputational damage, and legal ramifications that far exceed the initial inconvenience or cost of preventive action.

Business leaders often understand the importance of cybersecurity on a theoretical or high level, but still opt to push it down their list of priorities until it becomes a pressing issue. The results in a reactive rather than proactive approach, where cybersecurity is addressed only after an incident has occurred. This reactive stance is akin to waiting until a toothache becomes unbearable before visiting the dentist. By then, the damage has been done, and the solution is often more invasive, costly and painful.

A Necessary Discomfort

For many, the thought of visiting the dentist is fraught with anxiety. Similarly, cybersecurity can evoke feelings of uncertainty and fear, especially for leaders who may not have a deep understanding of technology. The complexity of cybersecurity, coupled with the constantly changing threat landscape, can make it an intimidating subject for those more accustomed to being in control and focused on things such as business growth and strategy. However, just as dental visits are necessary to maintain dental and general health, cybersecurity measures are essential for protecting a business's digital assets. The discomfort associated with both is temporary, but the benefits of addressing issues head-on are long-lasting. Regular cybersecurity assessments and updates, just like routine dental cleanings, help to identify and mitigate risks before they become major problems.

Changing the Mindset: From Reluctance to Resilience

The key to overcoming the reluctance many business leaders feel toward cybersecurity is to shift thinking from one where cyber is unpleasant and an obligation to one where cyber becomes a critical business enabler. Cybersecurity continues to be viewed as a cost centre. However, why not think about cybersecurity as an investment in the company’s future instead? By fostering a culture that values security, leaders can (and should) move their organisations beyond the fear and discomfort associated with cyber.

Education and awareness are crucial in this regard. Just as dental hygiene is taught from a young age, the importance of cybersecurity should be part and parcel of a risk resilient corporate culture. Leaders who understand the direct correlation between robust cybersecurity practices and business success are more likely to prioritise it.

Moreover, partnering with cybersecurity experts can help demystify the process. Just as patients trust dentists to guide them through the complexities of oral health, business leaders can rely on cybersecurity professionals to navigate the intricate landscape of digital security. By leveraging duly qualified and accredited external expertise, they can ensure their business is protected without having to become experts themselves.

The (Free Colgate Toothbrush) Takeaway

Dealing with cybersecurity is almost always an unenjoyable task for business leaders, much like visiting the dentist. However, by recognising its necessity and adopting a proactive approach, the discomfort that comes with dealing with cyber can be minimised, and the long-term benefits can be maximised. Just as regular dental care is essential for preventing painful problems and a rendezvous with the dentists pliers, consistent attention to cybersecurity is crucial for safeguarding an organisations future.

The key is to shift the mindset from one of reluctance to resilience, ensuring that cybersecurity is embraced as a fundamental component of business strategy rather than an afterthought.