The possible negative effect of cyber attack on a business is so grave that it is time for the cybersecurity and information risk management is to be elevated and have its own category of INFOSEC (information security) and should be reported to the CXO level.
Board of director, chief information security officer, general counsels and chief risk officers need to comprehend and monitor the planning and readiness to address the threats of cyberattack.
Board of director, chief information security officer, general counsels and chief risk officers need to comprehend and monitor the planning and readiness to address the threats of cyberattack.
A recent study by a prominent body in cyber security found out that one third of all the general counsels surveyed believe that their board is not ready to handle cyber attack real time. Less than half of the CEOs said that their companies have a formulated and approved method for handling cyber attack. However, on a positive note, almost four fifth of all the general counsel and CEOs said that they are ready to detect a cyber security breach. This also indicates that there is a stark difference between being mentally ready or aware and to have a written strategy to combat the threat. In an older survey of 2012 by Carnegie Mellon decided that boards are not actively preparing for the threats for cyber attack.
Only one fourth of the respondents, all of whom are from Forbes Global 2000 companies, review the top-level privacy and information technology policies on a regular basis and approve them. However, a dismal 40% respondents said that they hardly ever do it, if ever. These figures are worrying and a call for the board members to pay more attention to cyber attack threats.
0 comments:
Post a Comment