Written by Brett Galloway and Virginia Gambale
Last year, attacks such as SolarWinds and Colonial Pipeline have served as a powerful wake-up call for enterprises. The SolarWinds supply chain attack demonstrated that cybercriminals could gain access to some of the world’s most highly regarded companies while remaining undetected for months. Meanwhile, the Colonial Pipeline ransomware attack directly impacted the socioeconomic health of the United States through gas shortages and price increases, transforming ransomware into a top-tier national security threat overnight.
Coming off the one-year anniversary of the SolarWinds intrusion, concerns remain about the effectiveness of the capabilities and programs that have been put in place and the effectiveness of the board’s governance of cybersecurity risk.
After a decade of investment and innovation, the time has come to shift from capability development toward outcome-driven cybersecurity readiness. That is where the board needs to step in.
The board of directors is responsible for providing oversight to every aspect of the business, including cybersecurity risk. Boards need to elevate cybersecurity effectiveness by: (1)…
