4 Cybersecurity Factors Every Board Member Must Consider for 2019 Planning

Jake Olcott | October 5, 2018

Cybersecurity is a growing topic of discussion in Board meetings everywhere — given this fact, Board members need to be prepared to speak knowledgeably about their organization’s cybersecurity posture and programs. As businesses near the last quarter of the year and begin their planning processes, Boards must also be thinking about how to best prepare for 2019. Here are some factors that Boards must take into consideration:

Insight into Internal Security Performance

Security ratings provide key performance indicators of a company’s security operations, providing Board members transparency and visibility into an organization’s security posture. To effectively understand the impact of security programs and communicate changes to key decision makers, companies need tools that provide a quantified and comparative view of cybersecurity performance over time. A clear picture into a company’s security posture helps Boards assess the effectiveness of the internal security and risk programs that are already in place.

Benchmarking Security Performance to Industry Peers

While other corporate functions have embraced benchmarking as a way to compare performance, risk and security teams have been left in the dark. Traditional tools for network security are unable to compare security performance against industry averages and peers. By showing a company’s cybersecurity performance in relation to peers, alongside actionable high-level network performance metrics, organizations have been able to clearly demonstrate program improvements and advocate for increased cybersecurity resources.

The Importance of Managing Third-Party Risk

Boards should make third-party, or vendor, risk a priority within the organization. Given that last year 56% of companies were affected by a third-party data breach, this is becoming absolutely critical. Businesses can partner with hundreds or even thousands of vendors that they engage with almost every day. If those companies possess sensitive information, it’s critical that their networks are readied for potential attacks as well. This is because hackers are now attacking larger organizations through these smaller vendors: they know that other, smaller organizations may not have the bandwidth to guard against these bad actors.

This trend truly highlights the importance of continuously monitoring your vendors. BitSight Security Ratings help organizations do just this every single day, assisting them in building and adjusting their vendor risk management program at the speed and growth of their business. Overall, understanding third-party risk in a real, quantifiable way helps organizations keep their network safe. Boards should expect to receive regular updates from security teams about the security performance of their critical vendors.

Effectiveness of Security Spending

As the year comes to a close, Board members must be thoughtful about planning for 2019. While it’s great to end the last quarter of the business year on a strong note, it’s even more critical for businesses to set internal teams up for success when returning to work in January. One of the best ways to accomplish this is to be strategic about the extra budget the organization possesses in Q4, and to ask this question: how can my organization be mindful about spending extra funds to benefit our security program later on?

Security and risk professionals must identify, quantify and mitigate risk across their organization and ecosystem. A primary way to do this is with security ratings, which support their security program and their vendor risk program by helping assess both internal and third-party security performance, as mentioned above.

Today, the Board of Directors is more involved in cybersecurity strategy and planning than ever before. It’s critical that they understand the effectiveness of their security spending and risk management programs.
