When Cybersecurity Costs Lives

When Cybersecurity Costs Lives

Cybersecurity tools are important for lowering the risk of a data breach. However, if those tools are put in place without considering business outcomes, it can harm organizational goals and even, in some cases, cost lives. In the healthcare industry, for example, steps taken to recover from a data breach can lead to a drop in the quality of care. However, no matter the industry, if cybersecurity tools and businesses goals are not aligned, there will almost always be negative consequences for that business.

A study published last year in the Health Services Research Journal found that after a hospital experienced a data breach there was, on average, an additional 36 deaths from heart attacks per 10,000 patients. One of the main factors that contributes to this is a delay in treatment because of new security policies following a breach. Common tools used after a breach include additional sign-in measures such as multi-factor authentication, or automatic logout after a period of inactivity. So if someone comes into a hospital with chest pain, for example, these extra security measures delay the ability for doctors and nurses to register the patient and access health records. This is especially important to consider now, given that hacks against the healthcare industry have risen since the COVID-19 pandemic began.

Of course, this isn’t to say that there shouldn’t be any additional security measures in place after a breach Instead, the point is that it is important to align cybersecurity processes with overall business goals — even when the stakes aren’t as high as saving a life. The key is to begin with your desired business outcomes and look at the cybersecurity risks that can negatively impact those goals.  Then, only once you know your specific risks do you design or apply tools that limit those risks without negatively impacting the business. This requires strong governance and communication between IT and business leadership.  Failure to focus on the interplay between cybersecurity and business goals both weakens the security posture and weakens business outcomes. And that’s not a prescription for a healthy strategy.

Supply Chains — Your Weakest Link?

With COVID-19, all businesses are getting their bearings in uncharted territory.  Trying to work through the changing restrictions.  Managing remote work forces.  Adapting to changing client needs.

As you go through your business continuity checklist or contingency plans, don’t forget to include your suppliers and related third parties in your considerations.  You might have the resources to weather this, but do they?  And, if a critical vendor to your supply chain is unable to deliver what does that do to your ability to deliver?

Make sure you take the time to evaluate your supply chain.  If you haven’t done so already, at minimum, take these steps:

  1. Prioritize your supply chain vendors: Go through all your vendors and ask yourself what would happen to your business if the vendor could not deliver.  Prioritize each vendor based on the risk they pose to you should their commitments fall through.
  2. Get on the phone with your highest risk vendors. Talk with them about this current situation.  Learn what strategies they have in place to respond to any potential disruptions to their workforce, operations or critical third-parties they have.  Get details and be prepared to probe as if they were part of your business.  Because, after all, they are.
  3. Treat those vendors like a partner. At this point, you need each other.  Be prepared to restructure deals or assist in other ways to help your vendor keep up its commitments.  It will help you keep clients and pay off in spades down the road.
  4. Don’t let quality control fall by the wayside. When stretched, certain things might fall short.  However, at the end of the day, you want to make sure you are delivering a reliable product to your customers.  Make sure you continue to do the right things to ensure your vendors are providing a quality product.
  5. Make contingencies. Some vendors will be there with you and for you (and you for them).  Some will not be able to.  It’s important to review the contractual commitments you have and to explore alternatives.  It may not be easy to switch horses in mid-stream, especially when the stream is raging, but you may not have any choice.

Napoleon once said that an army marches on its stomach, meaning that it is critical to focus on making sure it is well provisioned.  One could say that a company, indeed the entire the economy, marches on its supply chain.  Make sure you understand where it is strong and especially where it is weak.

The time you spend with your supply chain might make all the difference.