(844) 627-8267 | Info@NationalCyberSecurity
(844) 627-8267 | Info@NationalCyberSecurity

Putting cybersecurity on the executive radar | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

For all these reasons, boards now need to seize the initiative; in any case, regulators will soon demand that they do so. In the US, for example, the Securities and Exchange Commission (SEC) has already proposed that every publicly listed company should have to declare which of its board members have cybersecurity expertise, as well as details of that expertise. In Europe, the new EU Cyber Solidarity Act adds to the regulatory requirement. 

However, in terms of cybersecurity, compliance represents nothing more than table stakes; superseding this, there is an opportunity for boards to embrace cybersecurity and resilience as value drivers. Digitally transformed businesses will succeed or fail on their ability to function as trusted providers of technology-enabled products and services. Resilience then becomes a crucial element of the brand narrative, inspiring customer confidence – or, if it is lacking, triggering doubt and anxiety.  

How to get to grips with cybersecurity 

Until now, relatively few boards have recognized the urgency of these imperatives. One recent study found that fewer than one in four board members believe that there is very likely to be an attack on their organization. This smacks of complacency: the UK Government has just published data suggesting that 69% of large businesses have been attacked over the past 12 months. 

Moreover, while there are signs that boards are discussing cybersecurity more frequently, the quality of engagement is debatable. A brief quarterly update from the chief information security officer (CISO), say, is unlikely to be sufficient for boards to gain a comprehensive grasp of their organization’s cybersecure status. Rather, sustainable digital transformation requires organizations, including their boards, to focus on cybersecurity as a core capability. 

One good way to move positively towards this is via a cybersecurity audit. Organizations keen to purchase cybersecurity insurance may be required to undergo such a process to secure cover. However, even without such an imperative, an audit is worth considering as a useful reality check. If security officers can persuade boards to get involved in such exercises, they will quickly acquire a better understanding of current strengths and weaknesses. 

It is not the role of the board to develop an organization’s roadmap for bridging gaps and enhancing protection. Nevertheless, boards should be ready to hold leadership to account for the work they are doing in this area. 


Click Here For The Original Source.

National Cyber Security