Cyber security: A business imperative at Caterpillar
From Caterpillar Inc. Communications- Information Security blog, July 2013
By Nate Deppermann
Imperative: something that demands attention or action; an unavoidable obligation or requirement
The ever-mounting need for effective cyber security in organizations has progressed to the point where it is now a business imperative. A PricewaterhouseCoopers (PwC) article noted that company leaders and boards can no longer afford to view cyber security as a technology problem; the likelihood of a cyber- attack is now an enterprise risk management issue. This is especially true of global companies like Caterpillar, and keeping up with sophisticated, evolving cyber-attacks must take priority. How is this relevant to Caterpillar employees? So why should Caterpillar employees be so concerned about cyber security if it is a business imperative driven by company leaders? The answer: cyber threats can have a far-reaching impact on company performance that is felt by all associated with Caterpillar. Cyber security should be driven by every member of the Caterpillar team. Failure to consistently practice good information security behaviors puts the company and its competitive advantage at risk. Information security breaches can seriously damage a company and can have massive repercussions. Consider the following examples from the PwC article referenced above that underscore what is at risk in managing cyber security: Lost revenue Competitive disadvantage Reputational damage Reduction of shareholder value Eroding customer goodwill
How is Caterpillar making cyber security a business imperative? Executive Level: After reevaluating Caterpillars enterprise security, company leaders determined that a large-scale security transformation was necessary. Funding and resources were allocated and the planning and carrying out of the transformation is under way.
Business Unit Level: Caterpillars Global Security team provides employees with resources to help them understand what good security behaviors are and how this impacts the real threats we face. Business units drive the required learning completion, host guest speakers and works with Global Security for presentations on information security.
Employee level: Employee behavior is key to protecting Caterpillar. The success of Caterpillar as a business is driven in large part by the quality of its people and their secure behaviors. This is achieved through understanding information security risks and ownership of information security guidelines and the Code of Conduct. Be sure to follow this Information Security Connections community for updates on the latest blog postings.
Cyber security truly is a business imperative that Caterpillar has integrated into its business strategy. The glue that holds it all together is real people doing everything they can do to secure their future as well as Caterpillars.
The Cybersecurity Due Diligence Handbook: A Plain English Guide for Corporations Contemplating Mergers, Acquisitions, Partnerships, Vendors or Other Strategic Alliances and Relationships