Boardroom cyber expertise comes under scrutiny>
Security Intelligence – IBM – Jonathan Reed
The article discusses the concerns of businesses regarding cybersecurity, particularly focusing on the role of board members in addressing cyber concerns.
It highlights the data protection, compliance, risk management, and ensuring business continuity as significant drivers for cybersecurity.
It points out that despite the importance of cybersecurity, a small percentage of Chief Information Security Officers (CISOs) report directly to the CEO.
This underlines the challenge of engaging board members in cybersecurity matters, compounded by the reported knowledge gap between CISOs and the board.
The US Securities and Exchange Commission (SEC) has expanded its enforcement of cybersecurity controls and disclosure requirements.
The proposed SEC Rule 10 would mandate public companies to report material cybersecurity incidents and disclose their cybersecurity risk management policies.
The article emphasizes the need for educating board members on cybersecurity issues using tangible, easy-to-understand parameters and financial terms.
It suggests that providing board members with clear information about the real-world risks and costs associated with cyber incidents could enable informed discussions leading to effective cybersecurity strategies.
The article provides specific percentages such as the decrease in the percentage of CISOs reporting directly to the CEO from 8% in 2022 to 5% in the year mentioned.
It also mentions the magnitude of fines imposed by the SEC, ranging from 425,000 to 35 million for various financial entities.
Additionally, it references an average loss exposure of 5\)5 million for the healthcare sector, given a probable annual likelihood of 9% and an average loss of 40 million.
These percentages and figures are used to illustrate the financial implications and potential risks associated with cybersecurity, aiming to help board members understand the business impact.
Link: https://securityintelligence.com/articles/boardroom-cyber-expertise-scrutiny/
Boardroom cyber expertise comes under scrutiny
Categories:
Tags: