Across the business world, executives and other leaders are increasingly coming to appreciate the need for high-quality cybersecurity. It’s not enough to respond to incidents as they occur, or even to make cybersecurity a topic of quarterly or monthly discussion – cybersecurity must be an ongoing, around-the-clock focus.
Consider, for example, a recent survey from the New York Stock Exchange and Veracode of 200 corporate directors. This report found that 35 percent of participants' boards of directors discuss the issue of cybersecurity every time they meet. Another 46 percent said that cybersecurity was usually on the agenda for these meetings. Only 1 percent said that their boards of directors never talk about cybersecurity.
There are a number of factors contributing to this high-level focus among corporate leaders. Obviously, there’s the fact that cyberattacks are becoming more common, more damaging and more widely reported than ever before. Just about every company, no matter its size or sector, now possesses a tremendous amount of information that can prove incredibly valuable to cybercriminals.
Another key factor, particularly from a business leader’s perspective, is that executives will often be blamed in the event of a data breach. Perhaps most notably, Target’s CEO and CIO both resigned in the wake of the company’s data breach last year, as CSO Online reported. Naturally, such incidents will make executives cognizant of the need to protect their companies from cyberattacks.
“It’s become a really serious issue,” said Chris Wysopal, CTO and co-founder at Veracode, the source noted. “It’s not just an IT issue, or a policy issue, or a compliance issue. It’s becoming a corporate risk issue.”
At the same time, though, the NYSE and Veracode survey suggested that corporate executives are not just interested in cybersecurity, but worried about it. Two-thirds of participating board members said they are not confident in their companies’ abilities to ward off cyberthreats.
This has a number of implications. For one thing, it suggests that the frequent discussions corporate boards of directors are having on the topic of cybersecurity are not leading to sufficient improvements to organizations’ cyber defenses. This is likely due to both a lack of sufficient action on company leaders’ part and questionable cybersecurity plans.
Speaking to CSO Online, Wysopal noted that these fears, combined with growing focus on cybersecurity, are likely to cause corporate IT security budgets to grow in the coming years. This will obviously have a positive impact on firms’ abilities to protect themselves from threats. However, for these increased budgets to translate into superior defenses, companies must allocate these resources in the right fashion.
Specifically, companies must make sure that cybersecurity extends throughout the entire organization. This means that in addition to hiring more IT security talent and upgrading anti-malware and antivirus tools, businesses must ensure all employees receive security awareness training regularly. This focus on the entire workforce can greatly reduce the risk that a worker mistake will lead to a data breach, which in turn could have devastating consequences for both the company’s leaders and the business as a whole.