Cybersecurity CEO


February 2018 is where CEOs get the big picture on cybersecurity. Robert Herjavec, founder and CEO at Herjavec Group, and a Shark on ABC’s Shark Tank, provides insights in his official blog. Press Release


Blockchain technology is here to stay

Secure digital ledgers are the center of the financial universe

Robert Herjavec

Los Angeles, Calif. – Feb. 15, 2018

It’s time to clear up the confusion and spur more conversation at the C-Suite level about Bitcoin and Blockchain.

Bitcoin (the cryptocurrency), and blockchain (the secure ledger technology), are vastly different entities that are far too intermingled by the media that report on them. Think of blockchain as a secure digital ledger that keeps track of every single transaction of any particular asset (ex: Bitcoin) – like links on a chain. Any time a new transaction is made, another chain link is added. The best part of this technology is that transactions cannot be altered! This provides a significant measure of trust in the transactions that have taken place.

I know two things to be true:

  • There’s no doubt that bitcoin is going to crash one day.
  • But there’s also no doubt that blockchain technology in terms of the payment system will last for a long time.

I’m not the only one who shares these views.

Billionaire businessman Warren Buffett concurs with my opinion on Bitcoin and believes cryptocurrencies will end badly. He recently told NBC’s Squawk Box that he doesn’t own any Bitcoin, and he has no plans to. Blockchain, however, is an altogether different story for Buffet, and he’s placing a big bet on it. BNSF Railway Co, a unit of Buffett’s Berkshire Hathaway Inc., recently said it has become the first major U.S. railroad to join the Blockchain in Transport Alliance.

I firmly believe that blockchain is not only going to disrupt the transportation industry, but also real estate, contracts, all kinds of technologies. Oracle claims that Blockchain is one of today’s most disruptive emerging technologies. So as an investor, I like the fundamental basis of it.

Steve Morgan, Founder and Editor-in-Chief at Cybersecurity Ventures, agrees. “Blockchain is a fundamental business enabler. It will be the big gainer for many organizations globally. The technology promises to break down geographic and monetary boundaries.”

Want to see blockchain in action? Check out Mojaloop – the new open source software launched by The Bill and Melinda Gates Foundation. Their venture uses blockchain technology developed by a new startup called Ripple (which uses blockchain for global payments) to help expand access to financial services in developing countries. Seriously – How cool!

It’s one example but I believe that in the near future, we’re going to see a monumental transition in how financial transactions are conducted. We will see a day where you can pay for things through the Cloud, through your phone, but completely open online. Electronic funds will be traded using blockchain and even banks will shift slowly. But we’re still a long way from that.

There’s also been a lot of talk amongst cybersecurity professionals about using blockchain for identity and access management in the coming years. Instead of different institutions controlling different pieces of an individual’s personal data, it will be the individual that controls all that information. This allows us to present the minimum amount of identifying information needed to make a secure transaction.

However – blockchain isn’t a complete cure-all solution for enterprises just yet.

C-Suite executives should be engaging with firms deep in Blockchain technology and doing their homework. Deploying and leveraging this new platform will require a major investment, and experienced staff, from the mid-sized to large organizations investing into it.

As Steve Morgan says, “We’ve seen organizations successfully transform their IT infrastructures to the cloud. And we’ve seen colossal failures. Blockchain will be the same.”

I’m inclined to agree. My suggestion is to continue to look for the right identity tools/applications for your enterprise’s unique infrastructure and scenario.

I often liken the Internet to electricity – you only notice it now when it’s not working. Blockchain will have that degree of impact. At the end of the day, like the Cloud, and even the Internet, blockchain is here to stay!

To Your Success,

Robert Herjavec

Robert Herjavec is founder and CEO at Herjavec Group​, a Managed Security Services Provider with offices and SOCs (Security Operations Centers) globally.

Stay tuned for the Mar. 2018 edition of Cybersecurity CEO.


January 2018 is where CEOs get the big picture on cybersecurity. Robert Herjavec, founder and CEO at Herjavec Group, and a Shark on ABC’s Shark Tank, provides insights in his official blog. Press Release


When your company gets hacked, will you be prepared?

New report indicates cyber complacency is a growing problem in corporate boardrooms globally

Robert Herjavec

Los Angeles, Calif. – Jan. 16, 2018

“Every company will be hacked”, according to Roger Grimes, in a recent story he wrote for CSO.

It’s a scary statement to make but Grimes, a 30-year tech industry road warrior who spent the past 11 years as Principal Security Architect at Microsoft, knows his stuff.

I’ve been guilty of making similar bold statements and leveraging the “when, not if” hacking scare tactics but I’m finding more and more that the tone has changed when executives are speaking about cybersecurity. It’s a far more proactive dialogue around “How ready are we?…really”.

It’s hardly a surprise then that cybercrime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This dramatic rise only reinforces the sharp increase in the number of organizations unprepared for a cyber attack.

DDoS attacks, ransomware, and an increase in zero day exploits are contributing to the cybercrime damages prediction becoming a reality. What really worries me though, is that all the hype around cybercrime – the headlines, the breach notices etc. – makes us complacent. The risk is very real and we can’t allow ourselves to be lulled into a sense of inevitability.

I say it all the time, but it’s worth repeating in this forum — We all have a role to play in how we protect our businesses from the accelerating threat of cybercrime! And it isn’t just hacks and data breaches that CEOs need to be concerned with. Compliance will be the biggest driver of security in the coming years. I firmly believe compliance drives over 50% of the market today.

Take for example the General Data Protection Regulation (GDPR), which applies to anyone, literally any company in the world, who receives data from the EU. What’s scary about the GDPR is the financial risk associated with non-compliance.

Organizations found to be non-compliant can be fined €20 million or 4% of annual global turnover, whichever is greater. Despite the warnings and the looming compliance date (May 25, 2018), we continue to see companies around the world struggling with the premise. This is a real directive, with aggressive implications and you need to be ready.

GDPR is one of numerous compliance mandates that organizations globally are grappling with. There’s DFARS, NYCRR 500, FISMA, GLBA, SOX, and others.

Don’t let me be the only warning…

Heather Engel, the Chief Strategy Officer at Sera-Brynn, a global cybersecurity audit and advisory firm, was quoted as saying, “If GDPR were an asteroid hurtling towards the United States, those directly in the strike zone would be large, multinational companies”.

Feel the pain now?

So what are you going to do about it?

I get asked all the time – what advice would you give to CEOs? And it always comes back to cybersecurity for me. CEOs today have to become cyber aware, empower their teams and ask the right questions. They MUST be discussing their cyber defense in the boardroom.

The alternative is to wait until after their company is cyber attacked, when it becomes a discussion centering around PR damage control and reputational harm. You plan your corporate strategy years in advance, why not be proactive with your cyber defense?

To help CEOs prepare for the boardroom discussion, my firm, Herjavec Group, has published “Cybersecurity Conversations for the C-Suite in 2018”. The guide covers 5 conversations a CEO should have with their CIO and CISO, and then loop in the COO and CFO to get the cyber defenses and budgets lined up to each other.

The 5 Cybersecurity Conversations CEOs should be having:

  • Reviewing readiness for compliance requirements – especially GDPR
  • Evaluating cyber insurance policies in advance of a cyber incident
  • Using purple-teaming for greater incident response planning
  • Establishing a strong cyber hygiene program
  • Strengthening mobile and IoT security in your corporate environment

The most important point I can raise is the most basic – it comes down to cyber hygiene. There should be governance around your patching and system updates. In the event of a cyber attack, it will be unacceptable for C-levels to blame the IT department. Every team needs to report on it and the executives need to be aware and feel accountable for the organization’s cyber hygiene.

The goal of our report, and of this new blog, is to spur conversation and share lessons learned from my experiences across the industry. After reading these thoughts and our Cybersecurity Conversations for the C-Suite report, I’m hoping that you’ll kick start those conversations with your direct reports, and executive peers.

If you’re already having them — great. If you don’t have a plan to address each area – make one!

You should feel comfortable tabling each of these topics in your next board meeting.

Make the first order of business for 2018 – Cyber Defense!

To Your Success,

Robert Herjavec

Robert Herjavec is founder and CEO at Herjavec Group​, a Managed Security Services Provider with offices and SOCs (Security Operations Centers) globally.

Stay tuned for the Feb. 2018 edition of Cybersecurity CEO.


© 2018 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.