“Any business activity without a strategy is heading for disaster in the long term, and cybersecurity is no exception. Having an approved information security strategy, even a simple one, is already bringing coherence. Trust and reputation are forged over time, and having a strategy in place is the first step.” 

Jeremy Richard is the Chief Information Security officer at Groupe Mutuel and is an information security professional with over ten years’ experience holding key security positions in international groups. Prior to this, he was Head of Information Security at Gameloft (Groupe Vivendi) in Montreal, Information Security Manager Europe at Publicis Groupe and CISO at Foundever. Jeremy began his career as a security consultant, with assignments in the banking and e-commerce sectors. He holds a master’s degree in information security, obtained after various international exchanges in France, the UK and Spain. 

Carry on reading and enjoy our interview with Jeremy after which you will gain a much better understanding of how businesses should approach cybersecurity due diligence during mergers and acquisitions or what role cybersecurity strategies play in shaping corporate reputation and trust? You will also gain valuable insights into the best practices for building a culture of security awareness across an organization and what the critical factors are for a successful partnership between business leaders and security teams? 

How should businesses approach cybersecurity due diligence during mergers and acquisitions?

When making an acquisition, cybersecurity must be seen as a decision-making factor like any other. Taking cybersecurity aspects lightly can have major repercussions over the long term: integration of solutions that are no longer supported and that support critical processes, vulnerabilities exposed on the Internet giving access to the parent company, intellectual property leakage reducing the competitive advantage of the acquired company. Cybersecurity due diligence must become a business lever for negotiation and decision-making. 

What role do cybersecurity strategies play in shaping corporate reputation and trust?

Any business activity without a strategy is heading for disaster in the long term, and cybersecurity is no exception. Having an approved information security strategy, even a simple one, is already bringing coherence. Trust and reputation are forged over time, and having a strategy in place is the first step. 

How can organizations align their cybersecurity strategies with their overall business objectives?   

The first question is: how can cybersecurity support my business? Certification, customer confidence, regulatory compliance, protection of important data? This is the starting point for defining the strategy to adopt, the priorities to give and the objectives to set. 

What are the best practices for building a culture of security awareness across an organization? 

From my point of view, the three keys factors to an effective security culture are: listening, accessibility and communication. 

  • Listening: being able to understand business issues and analyse the associated risks. 
  • Accessibility: having communication channels available so that all employees can contact us according to their needs (project analysis, contract review, general cybersecurity questions). 
  • Communication: define a coherent multi-year communication plan addressing cyber risks. 
What are the critical factors for a successful partnership between business leaders and security teams?  

For me, the key factors in a successful partnership are exchange, pragmatism and trust. 

  • Exchange: it’s important to maintain a channel of communication to understand the ins and outs of projects and strategy, with the ultimate aim of understanding their needs. 
  • Pragmatism: it’s imperative to adapt resources to the issues at stake, and to be able to adapt processes that may be too resource intensive. Always keep the ROI factor in mind. 
  • Trust: This is a crucial point, especially in a crisis situation. It saves time and allows you to work calmly. Trust is an essential success factor, especially in cybersecurity.