As the executives, chief information security officers (CISOs), and chief risk officers (CROs) of large companies realize, the question of cyberattacks is no longer “if” but “where” and “how.”
Most large enterprises today are already dedicating sizable headcounts and operating budgets to identifying risks, defending the company against threats, and mitigating the effects of the attacks that are already occurring.
The TCS study of enterprise risk and cybersecurity professionals shows, reports some good news.
For one thing, funding for cybersecurity and risk mitigation initiatives is active and high (Figure 1).
For another, considering all other factors, 60% of cyber risk and security executives feel some confidence their company will be able to avoid a major cyber event that results in significant financial loss or reputational damage.
They know they’ll be attacked, but they are either cautiously confident or (for 14%) even very confident they will weather the onslaught (Figure 2).
How involved are the executives and the C-suite in defending the company against assaults and intrusions by bad actors?
The study reports that two out of five boards include cyber risk and security on their agendas at every meeting, but almost one in five boards is mostly disengaged from the topic.
Companies with publicly traded shares are more likely to have boards that focus on risk and cybersecurity at every meeting given the growing legislation and reporting obligations around privacy and security, especially for exchange-listed enterprises.
Similar, if a little less proactive, engagement from other C-suite executives was described by CISOs and CROs as below:
Here’s a graph of CISOs & CROs’ confidence in their company’s ability to avoid a major cyber incident in the next 3 years resulting in significant financial or reputational loss:
Too many companies, though, still believe they cannot sufficiently defend themselves against risks that already exist, much less those that are on the horizon like AI-assisted attacks.
Though boards are becoming more and more concerned about cyber risk and security, C-suites and lines of business continue to only focus on the issue when it is brought to their attention. And it’s noted that 18% of C-suites only focus on it after the organization has already been attacked.
What are the top priorities for cyber defense and business resiliency?
According to cyber risk and security strategists, the most common tasks given to them by their boards of directors are to
1) increase the company’s cybersecurity maturity and adopt emerging models like “zero trust”
2) increase the visibility of cyber risks and ensure compliance with regulatory and industry requirements, and
3) ensure that cyber risks are holistically managed and mitigated across their companies and partners.
So getting started with cyber initiatives involves adopting emerging models and maintaining compliance. This is possible by getting started on the strongest organizational protection available: https://www.acmetek.com/secure-networks/
