It’s a given that we should be worried about a breach of our cyber defenses, the disruption and even shutdown of our computer systems with the hacker demanding a ransom, or the theft of our data and intellectual property.
But how much does it matter?
Should it matter more than the possibility of a 25% increase in the cost (due to tariffs) of necessary materials for our business?
Should it matter more than the possibility of a recession that could cut demand for our goods and services?
Should it matter more than the possibility that our products and services could be made obsolete as competitors offer more sophisticated solutions using AI?
Some cyber and information security practitioners simply say that the risk is “high”.
But what does “high” mean?
They may think it is high, meaning (in their eyes) that it demands immediate and expensive action.
But should top management and the board agree that it demands their highest priority and access to the firm’s pocketbook?
Other cyber risk practitioners report to management and the board the level of “risk to information assets”, as if that is sufficient information to justify monies being budgeted for cyber at the cost of spending on trade compliance, product development, marketing, etc.
No.
It is not sufficient.
Each of these challenges and many…
