As cybersecurity becomes an ever more present threat, the need for C-level leadership has become increasingly apparent. Intense, high-volume security breaches broke out across 2017, including the massive incidents at Equifax and Yahoo, as well as the global WannaCry ransomware outbreak and even a hack at Uber. Fittingly, corporate boards have responded with an increased interest in taking up the cybersecurity discussion, according to research from law firm Akin Gump Strauss Hauer & Feld.
However, boards taking up the task of cybersecurity still has an enormous swath of ground to cover. In fact, according to this year’s Global State of Information Security Survey by PricewaterhouseCoopers, board members — by their own admission — have little confidence in their companies’ cyber savvy. Fewer than 39 percent expressed confidence in their companies’ ability to detect and trace threats. A little more than half of the organization surveyed claimed to have a chief information security officer on their payroll, indicating less than a full commitment to cybersecurity initiatives as a corporate priority.
Survey respondents were split on the most pressing risks to their businesses, with 40 percent citing operational disruptions while another 39 percent went with a compromise of sensitive data. But most boards have a road to travel in shutting down either of those risks, among many others.
A few critical actions to take include:
- Creating executive leadership: The full leadership team needs to be at the forefront of cybersecurity efforts and championing the process.
- Creating dedicated leadership, typically in the form of the CISO: If hiring a CISO creates an unrealistic cost burden, it’s also possible to have a third party designate one to support your company.
- Tightening up plans and procedures: Consistent governance is critical, and it requires clear, documented policies for business continuity, breach response and other protocols.
- Deepening assessment: Systems can’t be protected against risks if those risks aren’t fully understood.
Lunarline is prepared to help with all aspects of improving your cybersecurity management and leadership. In addition to offering designated CISOs-as-a-service, we provide consulting for cybersecurity governance, perform in-depth audits and assessments and run a full range of education programs for technical and non-technical professionals alike.
For more information on how we can help you, contact Lunarline online today.