Investigation of CEO/President's Experience and Perspectives of Cyber Security Risk

Cyber security breach costs continue to escalate globally beyond $500 billion. Any size business operating on the internet/world wide web expose itself to malware, hackers, software viruses, worms, human errors, and etc. The responsibility to mitigate those cyber risks now rests solely with the leaders of all organizations regardless of those executives' acuity of cyber security vulnerabilities. Three new concepts that assign proportional liability to software and hardware manufacturers, integrate CEO cyber security performance and pay metrics into current evaluation criteria, and close the gap in senior business cyber risk mitigation knowledge could help to secure critical assets and reduce losses. The problem addressed was that business leaders and cyber security professionals failed to utilize risk management strategy to protect valuable assets from malicious hackers and thieves. The purpose of the study was to investigate CEO and Presidents' experience and perspectives related to cyber security risk management decisions to determine which theories might contribute to CEOs and Presidents' experiences and perspectives of cyber security risks and decisions associated with the mitigation of cyber security risks. The participants were current and former CEOs and Presidents with authority to make cyber security risk management decisions in both public and private sectors. A multiple design method with a short survey and an in-person interview attempted to gain insight about CEOs and Presidents' cyber security experiences and perspectives. The two different methods were triangulated to determine any consistencies. The results demonstrated that CEOs and Presidents neither understand the concepts of risk management theories nor implement the concepts of risk management. The study recommends establishment of liability sharing responsibility for hardware and software manufacturers, integration of cyber security metrics into CEO and Presidents performance and pay metrics, and integration of a CEO and President education blocks into business cyber training curriculum. Cyber security, Homeland security, Risk Management, Financial Management, Business Leadership, and Public policy researchers should focus on relating cyber investment to the capital loss prevention similar to a return on investment model. The multi-pronged approach provides an opportunity to significantly reduce business loses associated with cyber breaches, assign proportional responsibility for cyber vulnerabilities, and incentivize CEOs and Presidents to implement comprehensive cyber risk management strategies.