Diligent Q&A – Kicking off Cybersecurity Awareness Month with Monica Landen
In honor of Cybersecurity Awareness Month, we sat down with Monica Landen, Diligent’s Chief Information Security Officer, to discuss the current state of cybersecurity and how companies can make cyber risk an organization-wide imperative.
Q. Cybersecurity is a top concern for companies today. How can organizations strengthen their cybersecurity strategies and programs?
A. One of the biggest challenges across industries is the tech talent shortage. Four million professionals are needed to fill the global cybersecurity workforce gap, and according to an annual skills gap report, 70% of organizations say the cybersecurity skills shortage creates additional risks for their companies. Industries focusing on building strong cybersecurity practices need to ensure they have the talent to address security challenges.
Beyond that, companies should focus on the basics. This includes patching and updating software, adopting phishing-resistant multifactor authentication, and access management. It’s easy to get distracted by shiny new technologies, but having a strong cybersecurity foundation is essential in protecting organizations from the most common threats.
Q. Are there industries that should be focusing more on cybersecurity than others?
A. Every industry should prioritize cybersecurity. However, sectors like healthcare, finance, and government agencies are especially vulnerable due to the nature of the data they handle and the direct impact on people’s lives. Unfortunately, many startups and smaller firms tend to prioritize rapid growth over security, thinking they won’t be targeted because of their size or lack of brand recognition. The reality is that cybercriminals often target smaller companies because they are seen as the weaker link.
Q. What advice do you have for CISOs when communicating cyber risks to the board?
A. It’s important to communicate in plain language. Many board members see cybersecurity as a “black box” and don’t know where the organization stands until an incident occurs. I recommend focusing on five key areas: industry trends, how they apply to the company, past security incidents, lessons learned, and the overall maturity and operational effectiveness of the cybersecurity program. Boards want to know the business impact of cyber risk. Quantifying risk and tying outcomes to financials can help drive home the importance of cybersecurity measures.
Cybersecurity is already a top risk for most businesses, and this will only increase in importance. Boards will need to focus on cyber literacy, and I predict it will soon be a requirement to have cybersecurity experts on every board. In addition, CISOs must possess strong business and financial acumen to effectively communicate with boards, aligning business strategies with organizational goals.
Q. Lastly, how can organizations build a stronger security culture?
A. Cybersecurity needs to be a priority for everyone, not just the security team. October is a great time to kick off these conversations, but it shouldn’t be limited to just one month. Organizations should hold regular awareness sessions, with executive leadership actively leading and promoting these efforts. When the message comes from the top, it’s more likely to be taken seriously across the organization.
This Cybersecurity Awareness Month, we encourage organizations to reflect on their security strategies and consider how they can foster a stronger security culture across the business. Cybersecurity is everyone’s responsibility, and as Monica reminds us, it starts with the basics and a commitment from leadership.
