Cybersecurity and the Board of Directors
What are corporate Boards doing about cybersecurity? Several well-publicized recent events have raised its visibility. The ransomware attacks on Las Vegas casino operators and, more recently, on ICBC, along with the SEC's enforcement action against SolarWinds, have drawn the attention of CISOs and security experts, and should be a wake-up call to business leaders worldwide.
Both anecdotal evidence and recent studies suggest Boards are becoming more concerned about cybersecurity. Some studies suggest anywhere from 50 – 90% of Board members are concerned, which matches well with anecdotal evidence.
It’s also clear the Securities and Exchange Commission (SEC) is taking cybersecurity more seriously. In addition to the SolarWinds action, the SEC adopted new rules in July 2023 that significantly expand public companies’ required disclosure of material cybersecurity incidents and of their cyber risk management and board oversight practices.
Unfortunately, when it comes to Boards, there still seems to be a significant gap between talk and action. While businesses are clearly spending more each year on cybersecurity, in general the numbers represent a paltry investment.
Many Boards still do not have a dedicated cybersecurity committee, and most do not have a cybersecurity expert as a member. A recent study by the EY Center for Board Matters found that the average company spends 0.6% of its revenue on cybersecurity, and only 12% of companies spend more than 1% of their revenue on cybersecurity.
Here are some specific ways that corporate boards can take more action on cybersecurity:
The key to effective oversight will be viewing cybersecurity as a strategic issue, understanding the economics of cyber risk, and incorporating cyber risk expertise into board oversight. Cybersecurity is becoming a core business issue for which the board now has an obligation to quantify risk and identify actions to mitigate it.
Comment from a Co-Founder, BondingAI.io (1 year ago): See also "Real-Time AI Threat Detection Using Kafka", at https://mltblog.com/47tLgja