My good friend, Hannah Simmons, used to be CFO at a large multinational food company. If you’ve read Whaling for Beginners, you’ll know how my simple (careless) mistake sparked a chain of events that led to her getting pushed out of the company.
I downloaded an innocent looking attachment (which I shouldn’t have – but as the CEO I thought I was immune to cybercrime). It infected a presentation I gave to Hannah. She didn’t quite follow company procedures for outside flash-drives and... you get the picture.
Before she knew it, she was in the board meeting from hell. She emailed me about it and is happy to share some of it with you.
“I was to be the scapegoat that much was clear from the start. I had limited support. One non-exec was on my side and he told them straight that every member of that board had almost certainly broken the rules, as I had. That they’d probably done it many times but nothing bad had happened then. What happened to me was an accident waiting to happen... so, why was I being singled out?
“It was no good, our new CEO had clearly made up his mind – he was terrified of the security-breach hitting the headlines during his first month in the job. He knew the stock price would tank and he didn’t want his name associated with that. First impressions count when you’re a new CEO and bad headlines tend to stick. They stick to people. So, I had to go. If the story broke, then the dirt would stick to me and hopefully go with me. I got that – I didn’t like it, of course, but I understood the blunt logic of it.
“But the problem is they’re blinding themselves to a more fundamental issue than one person’s error: the fact that cyber-security has always been low down on the agenda – something the IT guys do. That non-exec said they were all culpable, all careless and guilty of lax standards. It didn’t help me and he was brave enough to resign in solidarity. I was astounded and wish there were more people like him on boards – then, maybe, there’d be less complacency and less vulnerability.”
I couldn’t agree more.
Read other posts in this series
You can't trust fake presidents
Reputation, reputation, reputation: what matters most to us all
The perils of personal passwords for LinkedIn accounts
Read more about the board meeting from hell - get the full story: Whaling for Beginners Books I and 2 available now.
See our RESILIA™ section for more information about cyber resilience.