BreachExchange mailing list archives

Security crashes the boardroom party
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 30 Mar 2015 19:17:47 -0600

http://www.cio.com/article/2899082/security0/security-crashes-the-boardroom-party.html

This will be the year when cybersecurity concerns crash the boardroom party
and take a seat at the head of the table. The aftershocks of significant
data breaches at Anthem, Sony, Home Depot, eBay, JPMorgan Chase, Target and
many more have caused headline-grabbing business upheavals that worry
customers, affect profit margins and derail corporate careers.

This sharpening of cybersecurity focus has forced corporate boards to have
conversations they once considered too technical and back-office-oriented.
Now it's all about business risk assessment, not firewalls or data loss
prevention tools. How prepared are you to have these discussions with the
CEO and the board of directors? What are the most important questions you
should be ready to answer? Here are a few to consider:

- What actions are we taking to protect the company from the high risks
associated with cybersecurity incidents?
- What is our specific plan to address cybersecurity across our business?
Are our employees properly updated and trained?
- If (or more likely when) a breach occurs, what is our response plan?
(Internal and external.)
- Do we have the right security talent on board? Are we structured properly
to avoid (or reduce the impact of) a breach?
- Have we quantified our risk exposure? (Both hard costs and soft?)

In a 2014 report titled "Risk and Responsibility in a Hyperconnected World"
from the World Economic Forum and McKinsey & Co., the total economic cost
of ineffective security was projected to top $3 trillion globally by 2020.
That's a staggering but unfortunately plausible number. So if there's no
question that cybersecurity breaches can devastate the bottom line, why
haven't more companies acted to deal with it more effectively?

Should chief security officers report to CEOs instead of CIOs? Our own
research--the annual Global State of Information Security Survey conducted
by CSO, CIO and PricewaterhouseCoopers--suggests that they should. Our
survey of more than 9,000 respondents worldwide found that companies with
CSOs reporting directly to CEOs or boards had notably less downtime and
smaller financial losses after cybersecurity incidents.

Isn't it time to upgrade cybersecurity to a board-level risk management
discussion, not just occasionally but consistently?

What are you waiting for?
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
