Enterprise Cybersecurity Programs

Recent studies show that data security was the number one concern of directors and General Counsel (GC) at public companies. Over 77% of both directors and GCs report that their cyber liability risk has risen over the past two years. Approximately three-quarters of managers and two-thirds of GCs believe that they need more cyber risk data to be able to provide good governance in this area. ¹

Cybersecurity is an enterprise risk. More than that, it takes a village. It takes a village to raise a child is an African proverb that means that an entire community of people must interact with children for those children to experience and grow in a safe and healthy environment. The same can be said for cybersecurity. Cybersecurity touches every person, every department, every function, every transaction, and every partner, from the moment that the business starts.

It takes more than a percent of IT spend and the CISO. It takes people, process, and tools that holistically work together. The cybersecurity program is integrated from a data perspective with the privacy, compliance, and risk programs. Teams need to inventory the digital assets, quantify the cyber exposures of the digital assets, determine where gaps can be tightened across the IT infrastructure, associate the digital assets to legal and regulatory requirements, understand the effectiveness of the cybersecurity controls, reduce the gaps in the control, ensure compliance to regulations, and use cyber tools and processes to identify, detect, protect, respond, and recover from cyber events.

To ensure the cybersecurity program is useful we must look at all the data in context to use information that allows all the stakeholders to work together across the enterprise to become more resilient.