The growing number of cyber-attacks has become a top concern for organizations across the globe. With the adoption of remote work, the integration of cloud platforms and the acceleration of other digital transformation initiatives, many organizations failed to take the necessary cybersecurity measures. This has cost organizations dearly, both in revenue and in reputation.
According to the IBM report “Cost of Data Breach Report 2021”, the average total cost of a data breach has increased by nearly ten percent, from US $3.86 million to US $4.24 million. Another 2022 study from Gartner, “Predicts 2022: Cyber-Physical Systems Security – Critical Infrastructure in Focus”, revealed that 30% of critical infrastructure organizations would experience a security breach by 2025, resulting in the halting of operations- or mission-critical cyber-physical infrastructure.
While business executives have taken it upon themselves to improve their cybersecurity infrastructure, they often fail to see the complete picture of the actual risks and threats within that infrastructure.
Security leaders who deliver deep technical presentations about system vulnerabilities, network anomalies and suspicious events provide little value to executives who have to make financial and operational decisions.
It is time for security professionals to speak the same language as their business partners. They should collaborate with them to establish clear and concise methodologies that enable the organization to monitor key performance indicators. These processes should also show which threats and risks the organization may encounter and what they mean for the business.
Several elements can help establish the right KPIs: categories such as critical risk, high risk and moderate risk, each expressing the severity of a cyber threat in terms of revenue, brand reputation and customer confidence. These enable the security department to communicate risk to executives and to set thresholds for decision-making.
It is crucial for business executives and security leaders to understand that, unless their firm is a cybersecurity company, the organization's mission lies outside information security.
Business leaders should take the following steps to move the conversation forward while setting the tone for expectations, accountability and recurring updates.
Business leaders should establish security standards for their organizations to follow. They can choose from a range of standards, such as 18, ISO 27001, SOC 2 and NIST, among others, which are good starting points.
Run a security assessment of the organization's present security posture. This assessment should be performed by an external security organization so that the outcomes are unbiased and can be viewed from a different perspective.
They should hold meetings with security professionals, hold each other accountable, set objectives and take action to achieve them. This also gives the security department an opportunity to communicate risk, highlight achievements and immediately convey any message that requires executives' attention.
Both business executives and information security leaders should become familiar with one another and communicate in the same language. They should identify and define the organization's risk appetite and its resilience to cyber threats, and then confront those threats head-on.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.