When working with CEOs, I like to use a safety program within an organisation, running parallel with the cyber security program. In a number of industries, having a safety program is required but it’s a good idea for all companies to have one.
A former colleague once managed such a program for a small trucking firm. The company had under-invested in prevention of accidents, training and awareness, and managing driver sleep time between shifts. The risk of under investment was raised repeatedly without appropriate action taken. An incident finally occurred involving a gas truck, an overpass and a Volvo heading home. The results were devastating.