Explaining The ‘New Normal’ In Cybersecurity To The C-Suite


Even the most insulated CXOs are certainly cognizant of the constant stream of news related to cyber attacks. News feeds are full of reports of IT security breaches, to the point where awareness is no longer an issue. My own mother mails me cybersecurity articles cut out from her local newspaper.

Good executives devote time to understanding the risk in their organizations and play an active role in implementing cybersecurity practices, if for no other reason than to attempt to stay off the evening news and avoid the impact on stock prices. Boards have increased their interest as well, recognizing that cyber risk management and regulations require their oversight as much as any other risk to the business.

But no matter how much attention (or budget) is lavished on cybersecurity, executives need to understand that getting hacked isn’t a matter of if but when. This is the new normal in cybersecurity, and it changes the approach to preparation and risk management.

Mitigating Cyber Risk Means Understanding Time

In cybersecurity terms, there is protection time and exposure time. Protection time can be defined as the collective ability of your security policies, controls,…
