Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The future of cybersecurity hinges on boardroom engagement today

Sugiarto Koh, Director for Cisco's Security business, ASEAN region | July 7, 2015
It is time for organisations' top leaders to be actively engaged in enterprise defence.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

Cyber-attacks are increasingly becoming more sophisticated and discrete. Take a look at some of the more recent cyber-attacks to have hit well-known companies in 2014 alone – eBay (hackers managed to steal the records of 233 million users); Apple (leaked images due to a targeted attack on the iCloud service); Sony (massive attack that wiped its entire network online) and Microsoft (Xbox services disabled by attackers on Christmas day).

The World Economic Forum has flagged cybersecurity as one of 2015's biggest risks, largely due to an increasing number of devices being connected to the Internet in the Internet of Things. It has also been estimated that cyber-attacks costs businesses as much as US$400 billion a year, both from the damage itself and to the subsequent disruption of business.

Isn't it time that organisations' top leaders are actively engaged in defence? Granted, the vast majority of enterprises have an executive with direct responsibility for security. But for modern businesses, security leadership needs to ascend even higher in the organisation: to the boardroom.

Bosses focus on shoring up their defences
Recent data breaches, together with more legislation and regulation related to data security, geopolitical dynamics, and shareholder expectations are all factors making cybersecurity an agenda item in the boardroom.

A report by the Information Systems Audit and Control Association (ISACA) revealed that 55 percent of corporate directors now have to personally understand and manage cybersecurity as a key risk area. The latest cybersecurity initiatives from the Singapore government, including the creation of a new cybersecurity agency, will likely push local figures even higher.

Given that in the modern economy every company runs on IT, an increased focus on cyber risk at the board level is a positive development, but one that is long overdue. Security is the business of every person in the organisation, from the chief executive to the newest hire, and not just personnel with "security" in their title or job description. Everyone should be accountable, and learn how to avoid becoming a victim.

A core component of the future of cybersecurity will be greater engagement by the board. Corporate boards of directors across industries need to know what the cybersecurity risks to the business are and their potential impact.

Engagement across the board
To truly understand the scope of cybersecurity issues that affect the organisation, we will likely see a rise in the number of CIOs and even CISOs on corporate boards. The phenomenon of external factors influencing board makeup isn't new. In the previous decade, we saw a dramatic increase in the number of CFOs serving on corporate boards as a direct result of the global financial crisis and an increasingly complex regulatory environment. Research by Ernst & Young found that in 2002, 36 percent of CFOs from the world's largest companies held board level roles. Ten years later, the number had risen to nearly half.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.