Cyber resilience needs leaders who can manage risk – CIO report and checklist

The security end goal for all organisations is cyber resilience. Effective prevention and detection measures are and will remain a critical cornerstone of security strategies, but companies shouldn’t stop there. What matters is how the organisation prepares for, withstands, responds to, and recovers from an incident. This depends on people and processes as much as it does on technology.

When the U.S. National Institute of Standards and Technology (NIST) updated its benchmark Cybersecurity Framework earlier this year, it added security governance – how security is implemented and managed through people and processes – as a strategic priority. As a CIO, I completely agree with this.

Effective security governance includes such things as consistent security policies and programs, a business leadership that understands risk and how to manage it, robust incident response strategies, investment in skills and training, and more. Our international Cybernomics 101 study revealed that many organisations are finding these goals difficult to achieve.  

Globally, just 43% of respondents believe they can effectively address cyber risk. In Australia, nearly 2 in 10…
