Cybersecurity is now a significant area of focus and concern for senior leaders who have witnessed cyber events that have resulted in significant financial and reputational damage. However, for many organizations, data defense continues to be a technology-focused effort managed by the technical “wizards.” Board of director discussions often zero in on describing the latest cyber threats rather than taking a long-range approach.
But cybersecurity is more than a technical challenge. Enterprise risk management (ERM) is an effective tool to assess risks, including those with cyber origins, but few businesses or agencies use the technique for this purpose, cyber experts assert.
There is a simple but profound difference between looking at cyber risks in light of and not considering an organization’s mission. It is only by assessing cybersecurity risks to the mission that senior leaders can determine if their security controls are adequate, data defense specialists say.
Most organizations say they perform some form of ERM, but in practice, many look at trends in cyber threat activity or the implementation of specific cybersecurity best practices as proxy measures of…
