Ever think about how much havoc cyber criminals are capable of wreaking within your business? Stolen intellectual property, compromised employee details, exportation of customer data or your supply chain falling apart – really ‘bad things’ can happen if your IT infrastructure suffers a security breach.
If you’re a C-suite executive or board member, then you are likely well aware that cyber risk increases as your company’s digital footprint expands. By one estimate reported back in 2019, the average cost of a data breach is around $4 million per incident. The average cost of a data breach in 2022 was $4.35 million, which is a 2.6% rise from 2021.
Suffice it to say, breaches can cripple organisations and even render them completely bankrupt in some cases. This raises the question: why isn’t cybersecurity brought up in meeting agendas between board members more often?
Deloitte conducted a survey in 2019, reporting that just 4% of executive respondents included cybersecurity in board meeting agendas each month; only 49% of organisations put cybersecurity on the board’s agenda each quarter.
Isn’t that a little crazy, with the number of cyber risks that are constantly popping up and how clever hackers keep getting each year?
Luckily, not every company’s board members share this perspective. One board leadership fellow member at CrowdStrike®, for example, reported an upward trend in senior executives and board members getting involved in cybersecurity meetings. According to this member, there is an increased sense of urgency, a desire to be more proactive in addressing risks, and a need to improve awareness, education and participation across not just one’s own organisation but also across entire industries and business units.
However, we are nowhere near where we need to be. There’s still a lack of clarity and guidance in the air among C-suite executives with regard to how they can add value and oversight without rolling up their sleeves and getting their hands dirty – that’s for the CISOs and security experts in their respective companies, after all. But this is precisely the kind of mindset that needs to change!
We believe most board members have been shy or hesitant to pursue cybersecurity as a monthly agenda because the technologies involved in combating such threats and mitigating them are probably not as well understood by them as they are by the actual cybersecurity experts using them. We also believe that senior leadership has yet to find the perfect balance between security and business efficiency as it is indeed a very complex and challenging balancing act, even for the most sophisticated and successful of companies.
With that said, board members do not need to be cybersecurity experts themselves in order to help the entire organisation prepare better to deal with cyber threats and attacks – but they do need to sit down and educate themselves on the most pressing issues, at least.
Owing to the growing legal, financial and brand damage concerns that come with security breaches, it’s high time that C-suite executives revisit the frequency with which they debate and discuss cybersecurity issues at board meetings.
Plus, better and more frequent communication at the board level is one of the keys to reducing cyber risk, as it sheds light on relevant facts for those who are responsible for governance and gives them the ability to process the information they acquire in a way that can be productively discussed with the CISO to better formulate strategies for the future.
Irregular board meetings on cybersecurity are definitely not the smart way forward, and consistent board oversight is now more of a must-have than a ‘nice to have’.
Securilix