Dear Business Leaders,

Cybersecurity is one of the biggest existential threats to modern business, yet it remains a blind spot in too many boardrooms. Look around your next senior management meeting. Is there a member of your senior management with responsibility for IT security at the table? If not, why not?

Security is not just an IT department issue. Get it right or get it wrong, and it has ramifications for every business function—impacting revenue, reputation, resilience, and even regulatory survival.

At Spitfire, we work with businesses daily to deliver secure, high-performance connectivity. We see first-hand the risks companies are taking with their networks, data, and infrastructure. And we see the fallout when those risks materialise—ransomware attacks shutting down operations or data breaches eroding customer trust.

Yet too often, it is only after an attack that boards start asking questions: Why did we not see this coming? Who was responsible? How much is this going to cost us? By then, it is too late. A member of your senior management team with responsibility for cybersecurity at the boardroom table could have identified the warning signs, anticipated threats, and taken steps to mitigate risks before they escalated.

Why Security is a Leadership Issue

The greatest mistake boards make is believing security is a problem for IT to manage in a silo. It is not. Cybersecurity is a business risk just as critical as financial mismanagement, supply chain vulnerabilities, or regulatory non-compliance. Leadership must take ownership of security strategy rather than delegating it entirely to technical teams.

A member of your team managing cyber threat across the business is not simply there to explain security threats. Their role is to align security strategy with business objectives and ensure the organisation is making informed decisions about risk. Business leaders should be asking:

• How do security policies directly affect revenue and operational resilience?
• What are the financial and legal consequences of a breach?
• Which emerging threats could disrupt business operations in the next 12 to 24 months?

Avoiding these discussions does not eliminate risk. It simply leaves the organisation unprepared when the inevitable occurs.

In my experience, looking at cyber-focussed frameworks or certifications – including Cyber Essentials and ISO 27001 / 27002 – provide a solid foundation of what businesses need to consider regarding cyber threats and bolstering defences.

The Weakest Link in Telecoms: Network Security

For organisations that depend on telecoms and connectivity, security is not just about data protection—it is fundamental to uptime, reliability, and trust. However, many businesses overlook serious vulnerabilities in their networks:

• Unsecured connections that expose critical systems to attacks.
• Weak remote access controls that create easy entry points for cybercriminals.
• Poorly segmented networks that allow threats to spread without containment.

These risks are not theoretical. Cybercriminals are increasingly targeting telecoms infrastructure as a gateway to disrupt entire industries. A single unsecured network is potentially an operational failure waiting to happen. It can allow attackers to move laterally across systems, disrupt essential services, and compromise critical infrastructure, leading to cascading failures across an organisation’s supply chain and partner ecosystem.

Telecoms providers must set higher security standards—not just for their own infrastructure but for the industry as a whole.

Ransomware: The Foreseeable Crisis

If there’s one cybersecurity issue the board should be laser-focused on, it’s ransomware, because it is a clear and present danger to every business. The numbers don’t lie:

• In 2023, ransomware accounted for approximately 7 in 10 of all reported cyberattacks worldwide.
• The average ransom in 2024 is $2.73 million, an increase of almost $1 million from 2023.
• The most common tactics bad actors use to deploy ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities.

Boards that do not have a clear strategy for preventing and mitigating ransomware attacks are failing in their responsibility to protect the organisation.

Organisations that neglect security as a strategic priority are already at risk. A senior member of the team at the leadership table ensures that security is integrated into business strategy, risk management, and investment decisions. This person:

• Guides security investments, ensuring the organisation is prepared for actual threats rather than just meeting compliance requirements.
• Bridges the gap between security teams and executives, ensuring leadership understands the implications of security risks.
• Ensures accountability for security-related decisions and their impact on business objectives.
• Acts as an early warning system, identifying and mitigating threats before they escalate into crises.

Security leaders are not just responsible for risk management. They enable business continuity, build trust, and ensure that security is a competitive strength rather than a vulnerability.

In the telecoms industry, we must ensure business continuity in an environment where connectivity underpins everything. Businesses that treat security as a secondary concern will not only be vulnerable to attacks but will also struggle to maintain service reliability, compliance, and customer confidence.

A poorly secured network is both a weak point and a liability that can lead to operational downtime or service disruptions. The cost of mitigating security failures after the fact far exceeds the investment required to prevent them in the first place. In addition to network security, the growing shift to the cloud is increasing the risk for businesses with malicious actors now having a new attack vector.

So, I urge you to keep security front and centre. It’s an operational necessity. With the right approach, you can operate with confidence, adapt to future challenges and transformation projects, and, most importantly, ensure an uninterrupted flow of services that your customers and industries rely on.

I strongly believe that organisations that embed security into their strategic plans will unlock new opportunities for growth – as well as protect their operations effectively.

Security is a prerequisite for success in a connected world.

As published in Security Matters