News

Five Strategies For Boards To Enhance Governance And Resilience In The Face Of Evolving Cyber Risks

Steve Durbin, ISF CEO
Published 11 - September - 2024
Read the full article on Forbes
riskforbesgovernance

These are challenging times and uncertain times, especially from a cybersecurity perspective. Critical infrastructure such as hospitals, airports, water treatment plants and the power grid are being bombarded with cyberattacks.

Far too many organizations are taking this too lightly and lack real-world preparedness. For instance, hackers behind the recent Synnovis attack in the U.K. demanded a $50 million ransom—yet many in the healthcare sector cross their fingers, hoping malicious actors don’t cross their path. Some organizations have outsourced their cybersecurity functions to a third party and assume they have abdicated their responsibility. But companies must never abdicate cybersecurity.

Cybersecurity is no longer an IT issue. It’s a business issue, and it’s a boardroom issue. Senior execs and board members have a fiduciary duty to their customers, investors and shareholders to protect the organization’s critical assets and infrastructure from any kind of business disruption or destruction. So how can board members better manage and govern cybersecurity? Below are five strategies I recommend.

1. Accept and assess cyber risk as part of the broader risk management strategy.

Many organizations accept the implementation of technology as a means to drive their business forward without debating or discussing the “what happens when it goes wrong” question. Ransomware attacks on hospitals can result in delayed treatment, delayed surgeries and can even result in loss of life. How many hospitals consider this when onboarding new systems and technology?

We’ve already seen the power unleashed by the CrowdStrike incident. A ransomware attack can cause mass-scale disruption, encrypted systems, extortion demands, panic and chaos. From a risk, business and leadership standpoint, we need to account for multiple scenarios, including indirect threats posed by supply-chain and third-party partners.

2. Consider cybersecurity an investment, not an expense.

Cybersecurity is usually a trade-off. Businesses are constantly challenged with the question as to how much capital will be invested on cybersecurity versus spending on things that help drive the ability to innovate, scale and support. All too often, security is an easy target because executives may fail to see the direct link between the cybersecurity budget and its ROI.

More Insights from ISF CEO Steve Durbin

view all our news articles
Array
podcast

Unity Amid the Chaos: Finding common ground in a de-stabilised society

Steve Durbin explores how technology; social media are shaping new forms of division defined by personal identities, interests, and beliefs.

Listen Now on Unity Amid the Chaos: Finding common ground in a de-stabilised society
Array
video

ISF Interview: Steve Durbin talks cyber resilience and business continuity

ISF Chief Executive Steve Durbin offers his perspective on the global landscape and prepares organisations for the challenges ahead.

Watch now on ISF Interview: Steve Durbin talks cyber resilience and business continuity
news
Risk

Striking a Balance Between Business Growth, Risk Management, and Cybersecurity

Featured in Security Boulevard, ISF CEO, Steve Durbin shares recommendations on how to balance business growth with risk management.

published 16 - August - 2024
Read More on Striking a Balance Between Business Growth, Risk Management, and Cybersecurity
Five Strategies For Boards To Enhance Governance And Resilience In The Face Of Evolving Cyber Risks
Read the full article on Forbes