Boards depend on cyber-security visibility to ensure their organisations are protected against digital threats. But while it’s tempting to look for solutions that offer cyber-security insights, having more tools isn’t always better. In fact, research by IBM shows that compared to those with fewer tools, organisations using more than 50 different security solutions ranked 8% lower in their ability to detect cyberattacks and 7% lower in their ability to respond to cyberattacks.
What’s at stake? The 2020 EY Global Information Security Survey shows that while 92% of boards are fully or somewhat involved in cyber-security direction and strategy, only 20% are extremely confident that their organisation will be able to protect itself from a significant cyber-security attack. Even more worrying, the EY survey also shows that at 59% of organisations, the relationship between cyber-security and other key business functions is either neutral, mistrustful or nonexistent. Without trust, organisations will be less likely to adopt needed cybersecurity investments.
Consequently, improved cybersecurity visibility will play an essential role in strengthening these relationships and boosting board confidence.
Boards Must Consider These 3 Critical Elements for Complete Cyber-security Visibility
- Technical visibility: This is where organisations assess both internal vulnerabilities and external threats. The number of connected devices has grown steadily in recent years, and the transition to remote work has only added to the challenge of maintaining network security. In this evolving landscape, with attacks now targeting cloud-based managed service providers, boards may also have concerns about turning business operations over to the cloud. And because organisations remain responsible for keeping their data secure, even when it is in the hands of third parties, each additional service provider adds a level of complexity to cybersecurity defenses. Organisations must work with service providers to ensure they retain full visibility.
- Operational visibility: Current research shows that 94% of malware is delivered through email and that phishing attacks make up more than 80% of cybersecurity incidents. Rather than looking for weaknesses in technology, these attacks exploit people: the employees who click on a link in a suspect email, or hand over sensitive information to a hacker. Operational visibility gives insight into how and why people are accessing data, which helps keep the organisation compliant and secure. Boards must ensure they receive cyber-security training and education and that training is also made available to every employee. Failure to do so can have serious consequences: in addition to amplifying the financial impact on the organisation (in 2020, compliance failures added more than $250,000 to the average total data breach costs), board directors can also be held personally liable.
- Organisational visibility: Organisational visibility lets boards assess the extent to which a cyberattack could damage the company’s brand, reputation, or intellectual property. Lost business, including increased customer turnover and increased recovery costs due to damaged reputation, consistently represents the largest contributing factor to data breach costs.
For many organisations, the consequences of poor cyber-security visibility can be catastrophic. And while data breaches at the largest organisations tend to get the most attention, smaller organisations often bear a much greater financial impact: in 2019, the average cost of a data breach for organisations with between 500 and 1000 employees was $3,533 per employee, compared to just $204 per employee for organisations with more than 25,000 employees.
Recommendations for Achieving 24/7 Cybersecurity Visibility
When organisations have the right cyber-security solutions in place, boards not only gain a better picture of the external threats but also get the insights and understanding that can help foster stronger relationships between key business functions and cyber-security. This, in turn, plays a critical role in establishing a stronger cyber-security culture across the entire organisation.
The Diligent Boards application uses a clear and straightforward A-F grade scale so that board directors can easily understand, communicate and improve their cyber-security posture, while ratings from SecurityScorecard effectively highlight cybersecurity vulnerabilities. With instant access to both current cyber-security vulnerabilities at the micro-level and a high-level cyber-security risk score, boards are better placed to take the decisive action needed to avoid cyber attacks. You can learn more about how Diligent Board Management Software gives your leadership better visibility in cyber-security through a demo with our team.