November 14, 2019

Cyber Risk Governance Responsibility is Enterprise-Wide

POSTED BY: GlassHouse Systems / UNDER: Security

No matter what industry you fall under, you will agree that data is the lifeblood of your business. Any physical or digital data pertaining to your business, employees, customers, contractors and other stakeholders is always under threat from unscrupulous elements. Essentially, risk has become the new normal for business. In fact:

  • Global cybercrime now costs almost $600 billion, or 0.8% of the global GDP.
  • The average total cost of a data breach in 2019 is $3.92 million, around 12% higher than the 2014 average.

Cybercrimes continue to take on different shapes, forms and levels of sophistication, thanks to the easy availability of an array of tools on the dark web. These include custom malware, such as exploit kits, botnet rentals and web injections. Protecting your business with effective cybersecurity measures is imperative, and as CIOs, CTOs and CEOs, you may be actively promoting and supporting these initiatives. However, is your Board also closely involved in cyber risk governance? Read on to learn how your organization’s Board of Directors can help strengthen your cyber risk mitigation strategy.

Cybersecurity is Every Stakeholder’s Responsibility; Your Board is No Exception

Here is what Board members should know about the realities and constraints of actual cyber risk governance.

  1. Business data security is complex: When it comes to data sharing protocols and advanced security measures, the situation can be complex. See these research statistics, for example:
       • While 85% of companies share access to data with business partners, only 28% have well-defined security standards for data sharing.
       • 83% of businesses believe that breakthrough technologies are essential for a secure cyber future. However, only 2 out of 5 companies are actually investing in machine learning, Artificial Intelligence (AI), analytics, and automated pre- and post-breach orchestration technologies.
  2. The struggle to manage cyber risks is real: Reports suggest that in small and medium-sized businesses, only 9% of organizations depend on the Board of Directors when establishing their IT security priorities. When it comes to large investments for cybersecurity measures, over 90% of businesses find that their Board is missing in action. In these situations, IT and security leaders often cite budgetary constraints and resource management issues as key governance challenges.
  3. Some industries face long-tailed costs: Highly regulated industries, such as healthcare, financial services and energy, often face long-tailed breach costs. Typically, over 47% of their costs occur a year after the data breach incident. Expensive class action lawsuits and hefty regulator fines are the primary contributors to this extended cost timeline.

A responsible and effective Board is:

  • Aware of the short- and long-term repercussions of a data breach incident
  • An active contributor to discussions on cybersecurity priorities and investments
  • The initiator of relevant conversations around cyber risk mitigation strategies

Keeping your Board informed about potential cyber threats and governance issues will go a long way in directing their attention and enthusiasm towards the desired cybersecurity initiatives.

Are You Ready to Secure the Cyber Future of Your Business?

Given the average cost and size of typical data breaches, along with the associated customer turnover and data breach life cycle, it is clear that every Board needs to drive an active strategy towards cyber risk governance. This involves collaborating with the leadership teams in developing a secure cyber future through people, processes and technology.

At GlassHouse Systems, we have over 25 years of cross-industry experience in designing, implementing and managing a range of cyber risk mitigation solutions. Our technical experts conduct meticulous assessments to establish your organization’s current security landscape and a roadmap for a robust enterprise security framework. Taking these findings to your Board will give them a clearer picture of threat assessments, gaps and vulnerabilities in your cybersecurity measures. This in turn will help you:

  • Create a suitable budget for tackling current and future cyber threats
  • Build and implement policies and processes aligned with your enterprise security goals

Contact us to learn more about our cybersecurity solutions, or leave a comment below.
