In last decade cyber scenario has changed, with the explosion of multi-connectivity and e-commerce opening on the Internet. This has given rise to cyber threats which are omnipresent. With the frequency of cyber-attacks growing alarmingly, cybersecurity has become necessity at Global level. The cost of an average data breach has now risen to about $4 million (IBM report).Cybersecurity expertise has become a requirement for accountability in this era of digital connectivity. In today’s evolving world, almost every type of business-Small, Medium, Large need to be aligned around cybersecurity.
In spite of the prevailing scenario, there is still a lack of awareness and specialized knowledge within the Executive-class and Board members. For senior most executives, it is imperative to apply the principles of risk oversight, to advise on strategy and help push to overcome challenges of cybersecurity gaps
The four Focus areas for Executives include – Risk management, Expertise, Communication, and Responsibility
- Risk management at its core, is practice of cybersecurity. This requires being vigilant, educating employees at all levels in the organization, identifying gaps, assessing vulnerabilities, mitigating threats, and establish resilience plans for responding to incidents / Potential breaches. The executives and Board members must have understanding of risk exposure, with context on the arrays of threats and threat actors.
- Expertise is the key to handle any complex scenario. Having internal and outside subject matter experts aligned to organization always helps. Areas of special knowledge should include- legal compliance, cybersecurity technology solutions and services, training, governance, and policy. Security awareness training is also an important mandate for everyone at any company.
- Effective Communication is key tool in every business. It is imperative for all key stakeholders including – CIO, CTO, CISO, CFO, CRO to be aligned around strategy, and regularly assess their information security programs, controls, and safety of crown jewels
- Cybersecurity is a Responsibility. The key elements of cybersecurity including- policies, process, technologies must be tightly integrated. The accountability starts at the top level including Senior executives and Board members.
The cybersecurity landscape is complex, and it is extremely difficult to encapsulate all the aspects that may confront a corporate board and Executive level. The mentioned areas provide insights and impetus to address the cybersecurity threat.
By:- Sapan Talwar