Board and CEO Understanding of CyberSecurity as CISOs Grapple with the C-Suite – BSW #356
In the leadership and communications section: The Board’s understanding of cybersecurity; What does your CEO need to know about cybersecurity?; As CISOs grapple with the C-suite, job satisfaction takes a hit; and more!
- 1. The Board’s understanding of cybersecurity
Boards increasingly understand that cybercrime is a risk management issue that affects the entire company and requires Board oversight. However, although Boards know that they need to stay informed about cybersecurity, keeping up with it, in this complex, rapidly evolving world of IT, is often a challenge. The Board plays a crucial role in ensuring that the company is adequately managing its cybersecurity risk. The Board must appropriately prioritise cybersecurity, ask the right questions and ensure that cybersecurity policies and procedures are in place and appropriately funded.
- 2. US Supreme Court ruling will likely cause cyber regulation chaos
A host of recently adopted cyber regulations will likely be challenged following the Court’s ruling, but some recent regulations stand out as leading candidates for litigation. Among these are:
- SEC cyber incident reporting requirements
- FCC data breach reporting rules
- CISA cyber incident reporting requirements
- 3. What does your CEO need to know about cybersecurity?
CEOs don’t necessarily have to become experts in the technical aspects of cybersecurity to be prepared in case of an attack or — hopefully — stop one before it starts.
- 4. A CISO’s Guide to Avoiding Jail After a Breach
Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?
- 5. As CISOs grapple with the C-suite, job satisfaction takes a hit
Research found CISO job satisfaction has direct ties to how much — or little — access security leaders have to company management.
- 6. Key Insights from the 2024 Verizon DBIR
Verizon examined over 10,000 breaches to provide actionable perspective and analysis for companies of all sizes. The 100-page report not only highlights their summary of findings, but provides data-based evidence that companies can use to advocate for security and compliance solutions within their organization. Let’s take a look at some key statistics from this year’s report:
- 14% of breaches involved the exploitation of vulnerabilities as an initial access step, almost triple the amount reported last year.
- 68% of breaches involved a non-malicious human element.
- 62% of financially motivated incidents involved ransomware or extortion, with an average loss of $46,000 per breach.
- 15% of breaches involved a third party.
- 32% of breaches in 2023 involved some sort of extortion (including ransomware).
- 31% of all breaches over the past 10 years have involved the use of stolen credentials.
- 7. Creating Stability Is Just as Important as Managing Change
When we think about change at work today, we tend to assume its inevitability and focus our attention on how to manage it — what methods and processes and technology and communication we need to put in place to have it move ahead more smoothly. Of course, some change is necessary, and some is inevitable. But not all of it. What the scientific literature on predictability, agency, belonging, place, and meaning suggests is that before we think about managing change, we should consider the conditions that people need at work in order to be productive. In this article, the author explains why we should cultivate a renewed appreciation for the virtues of stability, together with an understanding of how to practice “stability management.”