This question, about main challenges, was put to me during the Quantic MBA CTO session I recently delivered. I ask a subtle variation of it when performing due diligence: “What keeps you up at night?” Through this, I want to learn their top concerns, and what usually transpires are things outside of their direct control.
The common answer is centered around security, and it usually boils down to the same sentiment: “Am I doing enough?” The simple answer is NO.
The nightmare scenario is waking up to your enterprise being held to ransom by some hacking group demanding Bitcoin to restore normal operations. Change Healthcare suffered a major security event in early 2024, creating chaos in healthcare – simple steps were missed (for example, lack of MFA).
I liken security to a house burning down. In the USA, on average 354k households experience a fire event, and with approximately 120M households that means the chance of experiencing a fire is 0.2%. Very low – which is why fire extinguishers are still not that common in your average kitchen – but is that wise?
Should the unthinkable happen, it can be devastating – life-changing. Yet with only a $40-50 investment, you can mitigate the impact. Security invokes the same reaction and the same economics – preventative measures are so much cheaper (and easier) to implement than dealing with the aftermath.

Many organizations give a general arm-waving, cursory nod to checking the security boxes; however, until they experience an actual security event, they don’t realize how unprepared they really are. The irony is that most attacks originate from disgruntled employees – who know where all the weak parts are.
Take this small litmus test: when your last team member left, how long did it take you to cycle and reissue ALL the credentials and keys? The day of their departure, a few days later, or do you still have a few where changing them would create too much disruption?
When dealing with security events, the mindset should never be “if” but “when”. Never assume that hackers will not be interested in your data or systems. As a CTO, it is your responsibility to provide as safe and secure an environment as possible for your employees and customers to transact in.
This is just one of the many challenges that keep us all up at night.






