CEOs, cybersecurity and data privacy

How leaders should think about cybersecurity

Painted chain-link fenceCEOs’ understanding of and approach to cybersecurity and data privacy has changed. A few years ago, they might have felt that it was a technology concern to be addressed by their CIO. Now? “It’s a governance issue,” says Johnny Lee, a principal in Grant Thornton’s forensic advisory services practice. “This is a business risk, and it needs to be dealt with in the same way that disaster recovery and large scale regulatory changes are dealt with.”

Lee also points to the need to shift from a focus on cyber defense to a commitment to cyber resiliency. “Defense is important, imperatively so,” Lee says. “But when there is an event, have a memorialized plan that you have practiced so you can bounce back.”

With stringent data privacy regulations now passed in the EU and in California, and with other jurisdictions sure to follow, Lee also thinks that CEOs need to take a leadership role in understanding data privacy concerns—and potential related advantages. “It’s no longer just about embarrassment from a compromise involving your customer’s data, this is about a competitive advantage if you have a better command of all the data at your disposal in the organization.”

Listen now to learn more about how CEOs should be thinking about cybersecurity and data privacy today.

Insight Exchange GT logoThis article is part of an exclusive content series for Grant Thornton’s Insights Exchange, where you will be connected with peer executives and leading experts to share best practices and solutions to help build tomorrow’s organizations today.


Johnny LeeJohnny Lee
Principal, Forensic Advisory Services
T +1 404 704 0144