CEOs: Maintain Cyber Resilience While Dealing with COVID-19
For the past five years, boards and executives have been told repeatedly that responsibility for managing cyber risk must start at the top. Two-thirds or more of recorded cyber breaches are not caused by failing technology but instead by failures of people, policy, and process.3 The obvious response is to implement an effective cyber risk governance program that helps executives and board oversee cyber risk just as they do other enterprise risks, without requiring them to become cyber experts.
Recently, members of the Chinese military were charged with stealing names, addresses, Social Security and driver’s license numbers, and other personal information stored in Equifax’s databases. Access to massive amounts of personal data was possible because software patches weren’t applied in a timely manner. Equifax’s CEO blamed an employee, but the facts pointed to management’s failure to ensure that policies and processes were followed, which subsequently led to massive third-party lawsuits alleging negligence and malfeasance by the management and the board.4
Despite high-profile management failures and repeated warnings to CEOs, the frequency and impact of cyber events, especially against small and medium businesses, continues to accelerate. As Scott Steinberg of CNBC recently noted, “With 43 percent of online attacks now aimed at small businesses, a favorite target of high-tech villains, yet only 14 percent prepared to defend themselves, owners increasingly need to start making high-tech security a top priority.”5
Contact us for more information.