Light Dark
July 24, 2014 By Rick M Robinson 2 min read
CISO

Cyber security threats aren’t just for security specialists anymore. Today, cyber security is drawing attention from the very top, with one recent study finding that it has now become the number-one concern of corporate boards.

The reasons for this board-level concern are not hard to understand. Enterprises can be — and many already have been — badly shaken by cyber security breaches. However, the more important thing to know about the boardroom’s interest in cyber security is that it can be highly effective for building a framework with better security. One thing we have learned about cyber security is that it needs to be built in, not bolted on as an afterthought — and support from the boardroom helps.

Topping the Worry List: Cyber Security Threats

As reported by FierceCIO, cyber security has now come front and center in corporate boardrooms. A recent study by FTI Consulting titled “Law in the Boardroom in 2014” surveyed nearly 500 board members and general counsel. The study found that cyber security threats have taken over the top spot in the lists of worries by both board members and general counsel, displacing concern over succession and leadership transitions.

Cyber security threats have drawn this much attention because they are so costly — and growing costlier by the year. Regulators, the media, customers and markets all show scant mercy to organizations that have suffered major security breaches, especially if consumers’ sensitive data has been exposed. The FTI study cites the Ponemon Institute’s estimate that the average cost of security breaches went up 30 percent in the past year alone.

Building Security With Focus From the Top

Given the costs of cyber security breaches, the heightened boardroom interest in security is no surprise. But the good news for everyone — except black-hat hackers — is that leadership from the boardroom can have a real, crucial effect in building better security.

In their new e-book “Staying Ahead in the Cyber Security Game,” security experts Erik van Ommeren, Martin Borrett and Marinus Kuivenhoven said that until recently, security was treated largely as an afterthought. Now, however, hard experience is teaching organizations “to consider security as an essential element of how products and services are designed and delivered, how business processes within an organization are structured and how both customer and confidential data and information are stored and protected,” according to the e-book.

Security at the Heart

Even more fundamentally, the authors write, our hard-won security experience has taught us that security must be built into the systems architecture from the outset. In the e-book, a chief security officer of a research institute states, “Security must be at the heart of systems.”

At first glance, this sounds like an impossible ideal; after all, enterprises must work with systems that already exist. But these systems are in constant development, and the practical goal is to improve security with all-new builds and upgrades, gradually bringing the security of the whole system to a higher level.

What is needed above all is the ongoing, focused attention on cyber security that is now dominating the boardroom. This makes now the ideal moment to take charge in building the secure networks of trust that enterprises need to thrive in the information age.

 |  |  |  |  | 
Rick M Robinson

More from CISO
April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

April 2, 2024

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature