While many organizations designate a single person as their cybersecurity lead, such as a chief information security officer, relying on one individual may not be the best approach.
Instead, many security experts and researchers believe that the best way forward is to share cybersecurity accountability and responsibility across a leadership team.
That's not to say that a CISO, chief information officer, IT manager or similar leader can't take a central role when it comes to cybersecurity.
Other key stakeholders, such as CEOs, chief operating officers, board directors and line-of-business managers, should also be involved and share at least some of the accountability and responsibility.
These other leaders can have valuable insights into different areas of the business that affect cybersecurity strategy.
In this article, we'll dive more into why a shared model is the way forward and take a look at how to implement this approach.
A key reason why cybersecurity accountability should be shared is that cybersecurity incidents directly affect business outcomes, not just IT systems.
A ransomware attack, for example, isn't limited to IT figuring out how to contain the attack and restore data access.
It also affects areas like public relations, since the company may need to manage public perception of the attack, especially if sensitive customer information leaks.
Gartner finds that 88% of boards of directors view cybersecurity as a business risk rather than just a technology risk.
The good news is that more companies are starting to realize that cybersecurity is an enterprise-wide issue.
A 2021 KPMG global survey finds that CEOs ranked cybersecurity as the top risk to their organization's growth over the following three years.
In comparison, cybersecurity ranked fifth in the previous year's survey.
By taking a more collective approach, businesses can get a more thorough understanding of the risks they face and figure out ways to strengthen their defenses.
A CISO might have clarity on emerging cyber threats, for example, but they don't have the same day-to-day oversight of sales teams that a sales leader has to make sure those teams follow the corresponding data-handling protocols with customer data.
Getting to that point could require current leaders, such as CISOs, to put more effort into helping other executives and lines of business managers fully understand what's at stake.
One way to tell clear stories and put cyber risk in business terms is to use solutions such as Kovrr's cyber risk quantification platform.
Doing so can quantify cyber risk in financial terms, which can help non-technical leaders understand exactly what's at stake.
From there, executives and other key stakeholders can prioritize cybersecurity defenses based on financial risk and potential reduction of it.
That can be a natural way to keep other leaders, such as CEOs and CFOs, engaged and accountable when it comes to cybersecurity.
This Cyber News was published on securityboulevard.com. Publication date: Sun, 17 Dec 2023 17:13:04 +0000