Intelligent CISO Issue 69 | Page 63

BUSINESS surveillance

CYBERSECURITY SHOULD BE MORE THAN A TECHNOLOGY ISSUE

Rafi Brenner, Vice President, Information Security, Fortinet, tells us that for too long cybersecurity has been treated as a mere technology issue. “It’s not,” he says. “Cybersecurity must be seen as an enterprise risk-management imperative.”

Cybercrime tactics such as phishing and social engineering, commonly used to infect critical systems with malware or ransomware, have reached epidemic levels. And there are no signs of it slowing down. According to Statista, the global cost of cybercrime is expected to increase by nearly 70% over the next five years, growing to US$13.82 trillion by 2028.

Cyber incidents can damage corporate operations, brand reputation, trust and financial conditions. They can cripple revenue-generating and service-delivery processes and materialise into legal and regulatory fines, adversely impacting a company’s financial performance and valuations. And in cases in which critical infrastructures are involved, those risks can also affect the environment and even put human lives at risk. As a result, the World Economic Forum’s latest report on global risks ranks cyber as the most significant sustainability risk to businesses, along with climate change, reaffirming why cyberthreats and cybersecurity governance have become top issues for regulators and corporate boards alike.

Growing cyber-risk has led to increased oversight

The widespread concerns about cyber-risks and cybersecurity have led to heightened attention from regulators. Data privacy and breach notification laws were enacted in the United States in 2002. Even stricter regulations have been implemented in other regions, such as the General Data Protection Regulation (GDPR) enacted by the European Union in 2016 and enforced since 2018 and the California Consumer Privacy Act (CCPA) of 2018.

In addition, the US Securities and Exchange Commission (SEC) recently adopted cybersecurity disclosure requirements, making it clear that cybersecurity is not just an IT issue. Instead, it is an integral component of a company’s broader enterprise-wide risk-management structure. These rules require public companies to report material cybersecurity incidents and disclose their cybersecurity risk management strategy and governance, effectively shifting cybersecurity governance responsibilities from the CIO’s and CISO’s offices to the board of directors.

As regulators tighten compliance requirements, effective cyber-risk and cybersecurity governance programs must be implemented at the board level and include active engagement from the board and key corporate executives, such as the CIO, CEO, CFO, CSO and CISO. To achieve this, boards must show their expertise and oversight in ensuring appropriate leadership and strategies are in place to adequately manage cyber-risks inside the organisation. Senior leadership must be