Report reveals support among security leaders for regulation aimed at driving board-level accountability for cyber risk mitigation
Cybereason, the XDR company, today announced the publication of the second report from the Cyber Defenders Council, a group of over 50 preeminent security leaders from public and private sector organizations across North America, EMEA, and APAC. The report, titled Bridging the Cyber-Business Divide: Will Regulation Reduce Cyber Risk and Improve Resiliency?, delves into the alignment gap between business and cybersecurity leaders and the negative impact this gap has on organizations’ ability to prevent cyberattacks. The report also explores the pros and cons of cybersecurity accountability regulation as a means to bridge this gap.
“Despite the progress security leaders have made to align cyber risk with business risk, a gap still exists globally,” according to Lior Div, CEO and Co-founder, Cybereason. “With cyber threats from nation-state actors on the rise, it’s important for security leaders, business leaders, and boards of directors to get on the same page regarding cyber risk. It’s going to take bold and decisive action, grounded in innovative approaches like Defend Forward, to fundamentally change the calculus of cyber risk and reverse the adversary advantage.”
In addition to tackling cybersecurity regulation, the report also offers prescriptive guidance for organizations to help manage risk, including:
- Identify the different types of data your organization stores
- Note the systems holding different types of sensitive data
- Regularly conduct rigorous and realistic tests of incident response plans
- Include, prioritize and acknowledge all known risks
“We need something that makes the CEO, CFO, and audit committee chair wake up and do something about cybersecurity,” says Dave DeWalt, a veteran security industry CEO and Founder and Managing Director of NightDragon, who has sat on 29 boards and served as guest speaker at the Cyber Defenders Council meeting.
Council member Malcolm Harkins, Chief Security and Trust Officer for Epiphany Systems, believes cybersecurity accountability regulation is needed “to get the C-suite and board to understand the importance of cybersecurity, and create the alignments inside organizations around it.”
Not all Council members favored regulation. Renee Guttmann, emeritus CISO for Campbell Soup Company, Royal Caribbean Cruises, Coca-Cola, and other large corporations, doesn’t think broad-based government regulation is the answer. “Broad-based regulation will exacerbate the ‘security poverty line’ situation for small and midsize organizations.”