CEO Voices: Making Sense of Cyber Security

08/07/2018
By Dale Buss
Chief Executive magazine

This article is the fifth of a series sponsored by PNC Bank engaging with CEOs from around the U.S. on some of the most important topics facing business leaders today. Part one focused on tax reform and global competitiveness, part two looked at mastering technologypart three examined strategies for growth and part four discussed why some CEOs are still focused on cost-cutting, despite the strong economy.  

After thousands of companies big and small have been hit by financial theft and loss of customer trust in the wake of cyber attacks, CEOs almost universally have embraced a more aggressive approach in taking action to reduce the risk of such a disaster happening on their watch.

For most CEOs, taking cyber-security more seriously means mounting better defenses against Internet criminals who steal information and money from wherever they can. For a more limited but growing number of CEOs, expanding cyber-security threats also present new-business opportunities as their companies learn to cope with them – and then sell their new expertise to others.

Eighty-three percent of CEOs are concerned about cyber threats, according to PwC’s 2018 survey of chief executives. An EY survey showed that 70 percent of CEOs believe they require up to 25 percent more funding to counter future digital threats effectively.

At the same time, according to KPMG’s 2017 CEO survey, about three-quarters of company leaders view rising cyber-security challenges as an opportunity to find new revenue streams and innovate.

Here are three CEOs who are taking both defensive and offensive approaches to cyber-security:

Larry Heard, CEO, Transwestern: As a transaction-based company that works on a high volume of deals every day that have lots of access points and require interactions with many people, the Houston-based commercial real-estate giant faces cyber attacks from a variety of sources and methods.

But Transwestern absolutely must stay ahead of the game, Heard says. “We have invested in a highly skilled team that focuses exclusively” on cyber-security issues. “Our team’s comprehensive training enables us to stay ahead of the latest trends and

methods of attack. Our company’s commitment to the protection of our resources is paramount, and we will always strive to improve our security defenses.”

Transwestern has never lost money or had client information compromised digitally. But phishing attackers continue to advance their attempts to breach corporations.

The company fights back in a number of ways. One is protocols for manual controls such as requiring voice contact to confirm transactions, address changes and other activities that produce information which could be vulnerable to cyber-thieves. Heard also focuses on making sure that Transwestern employees understand how crucial they are to cyber defenses.

“We have initiated a program to educate team members on identifying individual breach attempts, as well as simplify and expedite our ability to eliminate threats,” he says.

An emerging area of concern is the increase in “smart” buildings that rely on data, sensors and electronic connections via the Internet of Things. “That trend is generating millions of pieces of data about how a building operates that is essential for streamlined operations and management, but that information could be used for many purposes,” says Kurt Emshousen, Transwestern’s chief administrative officer.

Josh Smith, CEO, Metova: A fast-growing technology company based in Little Rock, Arkansas, Metova provides two core services. One part provides coding and other commercial software and digital services for applications ranging from Software as a Service (SaaS) to connected vehicles. The other provides cyber-security services to the Department of Defense.

In fact, services to the federal government for cyber-security grew so fast that the company recently split into two parts, Metova and Metova Cybercents. “The growth in defense contracts has really taken off in multiples,” Smith says. “And that operation is being pulled into larger opportunities as well.”

Metova Cybercents is based in O’Fallon, Illinois, and in 2016 started driving sales of its cyber-security training platform that already was more than a decade in development and now analogous to “the ‘Windows’ operating system in this area,” Smith says. “There are more competitors, but it’s got a… head start.”

This expertise, and the overall growth in U.S. defense spending, clearly highlighted the value of breaking off the Cybercents outfit under independent management by long-time Metova executive John Adams.

Phil Shawe, CEO, TransPerfect: Global growth is so blistering for the New York City-based translation-services company and has been so strong that it has broken sales records for two quarters in a row. But along with rapid expansion in sales and profits have come unprecedented  challenges from cyber-threats. “Cyber-security has become a huge topic for us,” Shawe says.

TransPerfect works with thousands of contract translators around the world to render output by big clients into many languages. The company also has a huge electronic discovery business, in which it culls hard drives for documents that will help clients in legal cases.

Shawe butts up against cyber-security threats in a number of ways. To help keep customers’ data safe as it is communicated to and from translators to TransPerfect and its clients, the company has implemented strict controls known as Information Rights Management, end-point management and PCI certification to protect against cyber breaches. It also has been working with clients to make sure all their documents are protected under the European Union’s new Global Data Protection Regulations.

Shawe also has been leveraging the robust capabilities of TransPerfect technologists employed in the e-discovery unit that focuses on investigations for discovery in lawsuits. TransPerfect has responded to the growing expertise of its technology team in penetration testing client by setting up a new business unit to offer advice and consultation in that particular area of cyber-security.

“We provide this cyber testing as a value-added extension of our other services,” Shawe explains. “So far it does about $55 million a year in business” and is contributing significantly to the overall growth in TransPerfect to a $700-million run rate so far in 2018.