EXECUTIVE SUMMARY:

The ever-expanding liability for an organization’s cybersecurity now goes well beyond IT to include the entire C-suite and even the board. But being liable and knowing what to do in the face of that liability are two different things.

A report earlier this year by WomenCorporateDirectors and Marsh & McLennan provides a good snapshot of how businesses are addressing cybersecurity issues. Some key findings:

  1. More than a third of directors at US public companies said they now discuss cybersecurity at every board meeting.
  2. Most boards have only one director serving as the tech or cyber expert.
  3. A third of organizations said they do not assess the cybersecurity risk of suppliers and vendors.
  4. Fewer than one third of companies have a cyber response plan. Meanwhile, a survey by the National Association of Corporate Directors (NACD) indicates that about 40% of boards that do have a cyber response plan have not reviewed it during the past 12 months.
  5. Tech executives and the board have a communications disconnect: 45% of risk and technology executives said they send information on, but only 18% of directors said they receive such information.

The takeaway seems to be that businesses get the concept of cybersecurity risk, but they’re still not really equipped to deal with it.

Knowing the essentials for maintaining a good cybersecurity practice is critical.