Cyber risks are spiralling out of control, with Trend Micro blocking 161 billion threats in 2023 alone, a 10% annual increase. As organisations pursue digital transformation, their expanding digital attack surfaces attract cybercriminals who easily exploit vulnerabilities. This has prompted global regulators to push for greater accountability from business leadership in managing cyber risks.
In the US, the SEC now mandates disclosure of significant cybersecurity incidents and requires organisations to detail their risk management processes, including management and board roles. Similarly, the EU’s NIS 2 directive mandates management approval of cyber risk measures, oversight of implementation, and specialised security training, with personal liability for severe breaches.
A survey by Sapio Research of 2,600 IT leaders across various regions indicates that regulators are justified in their stringent stance on boardroom accountability. Many organisations lack the resources and strategic leadership necessary for effective cybersecurity.
The cyber threat landscape is constantly evolving, driven by a lucrative cybercrime ecosystem worth trillions of dollars. Emerging AI tools…