Cyber security: A business imperative at Caterpillar

From Caterpillar Inc. Communications- Information Security blog, July 2013

By Nate Deppermann

Imperative: something that demands attention or action; an unavoidable obligation or requirement

The ever-mounting need for effective cyber security in organizations has progressed to the point where it
is now a business imperative. A PricewaterhouseCoopers (PwC) article noted that company leaders and
boards can no longer afford to view cyber security as a technology problem; the likelihood of a cyber-
attack is now an enterprise risk management issue. This is especially true of global companies like
Caterpillar, and keeping up with sophisticated, evolving cyber-attacks must take priority.
How is this relevant to Caterpillar employees?
So why should Caterpillar employees be so concerned about cyber security if it is a business imperative
driven by company leaders? The answer: cyber threats can have a far-reaching impact on company
performance that is felt by all associated with Caterpillar. Cyber security should be driven by every
member of the Caterpillar team. Failure to consistently practice good information security behaviors puts
the company and its competitive advantage at risk. Information security breaches can seriously damage a
company and can have massive repercussions.
Consider the following examples from the PwC article referenced above that underscore what is at risk in
managing cyber security:
Lost revenue
Competitive disadvantage
Reputational damage
Reduction of shareholder value
Eroding customer goodwill

How is Caterpillar making cyber security a business imperative?
Executive Level: After reevaluating Caterpillars enterprise security, company leaders determined that a
large-scale security transformation was necessary. Funding and resources were allocated and the planning
and carrying out of the transformation is under way.

Business Unit Level: Caterpillars Global Security team provides employees with resources to help them
understand what good security behaviors are and how this impacts the real threats we face. Business units
drive the required learning completion, host guest speakers and works with Global Security for
presentations on information security.

Employee level: Employee behavior is key to protecting Caterpillar. The success of Caterpillar as a
business is driven in large part by the quality of its people and their secure behaviors. This is achieved
through understanding information security risks and ownership of information security guidelines and
the Code of Conduct. Be sure to follow this Information Security Connections community for updates on
the latest blog postings.

Cyber security truly is a business imperative that Caterpillar has integrated into its business strategy. The
glue that holds it all together is real people doing everything they can do to secure their future as well as
Caterpillars.