A recent study from the National Association of Corporate Directors highlights that one in five directors is dissatisfied with the quality of cyber-risk information that the board gets from management. Board members who felt their company was properly secured against a cyberattack fell to 37% in 2017 from 42% in 2016.<\/p>\n\n\n\n
One of the primary reasons for this drop in cybersecurity confidence is that most boards simply don\u2019t feel qualified enough to push their chief security officer for answers on what vulnerabilities their company faces and how they\u2019re protecting against today\u2019s attacks.\u00a0As a result, most board-level conversations are general in nature, such as, \u201cAre we spending on the right things?\u201d<\/p>\n\n\n\n
Cybersecurity needs to be a board-level discussion, and a vigorous one. Just consider the recent headlines illustrating the risks. FedEx and Maersk<\/a> each forecast $300 million in losses<\/a> tied to the NotPetya attack<\/a>. This year, it is estimated cybercrime will cost businesses more than $2 trillion\u2014a four-fold increase from 2015. And according to data from Juniper Research, the average cost of a data breach will exceed $150 million by 2020. The risks are not just financial, they could completely paralyze a business.<\/p>\n\n\n\n So how can board members get their hands around the issue? One of the biggest problems boards face is that they simply don\u2019t have enough of an understanding of how attackers target companies and what the proper response should be. Security needs to be more than a series of patches or spending on security technology. Board members need to be able to understand their organizations\u2019 vulnerabilities in context with their security capabilities.<\/p>\n\n\n\n