Cyber risk is business risk. More from Jim, Cody, and Ben on what that means.
Watch as Ben Jacobs, VP of Engineering at Encamp, and Cody Rivers, CTO at AIS, talk about:
- Why they decided to implement a cyber risk management strategy
- What type of cybersecurity needs drove each to adopt the Trava cyber risk management solution
- The process from discovery to implementation and what they learned along the way
- What implementing a comprehensive cyber risk management program has meant to their customers and their respective businesses
- What they would tell business leaders about the importance of cybersecurity
For more about Encamp's journey to successful cyber risk management, read the complete case study.
For more about AIS's journey to successful cyber risk management for its clients, read the complete case study.
Here, Ben Jacobs, VP of Engineering at Encamp, and Cody Rivers, CTO at AIS, talk with Trava CEO Jim Goldman about how cyber risk is a big-picture business problem and not just an IT or security issue. Understanding that cyber risk management can help protect against real business threats has helped companies like Encamp and AIS understand and implement cybersecurity for SaaS companies.
SOC 2 attestation has played an important role for Cody Rivers and the team at AIS when it comes to understanding cybersecurity as it pertains to small businesses. As Rivers notes, SOC 2 isn't just about the IT department; it's about every aspect of a business, including HR, finance, and executive departments. IT acts as a sort of intermediary between these departments, but IT may not be required for a CFO to initiate a payment or for HR to create an employee account with elevated privileges.
For Ben Jacobs, VP of Engineering at Encamp, cyber risk and business risk are essentially the same thing. Of course, Jacobs notes that he's lucky to work within an organization where there's little resistance when it comes to cybersecurity and cyber risk management. This might be different for larger organizations where cyber risk may be viewed as exclusively an IT problem. Resistance to cybersecurity and cyber risk management can make it difficult to allocate a proper budget for digital risk management software and other cybersecurity measures.
The truth is, cyber risk is only one of six or seven risks that make up something called enterprise risk management. Enterprise risk management is becoming a bigger focus for companies at the board level and senior management level because there's a growing awareness that cyber risk is important and is a business risk. While cyber risk is only one part of enterprise risk management, the fact that companies are starting to understand the importance of cyber risk from a higher-up perspective is crucial.
Moving forward, enterprise risk management is something that small business owners should be aware of because it's a growing focus of enterprise companies. SMBs in growth mode that want to earn the business of enterprise clients must be able to prove they can protect those clients' data. Security questionnaires and compliance frameworks like ISO 27001 and SOC 2 are becoming a requirement to do business.
Cyber risk is an important part of business security, but you must look at all the risks facing your business collectively to create a comprehensive security plan.