CISOs are battling for the right insights to make decisions, the right amount of budget and resourcing, and the right seat at the table. It’s time to take control and ownership over cyber risk management.
The aftermath of a cyber breach can be costly. But just how expensive and where the brunt of that financial impact falls has been somewhat unclear, until now.
A new report by Radware and Merrill Research found that the price tag of cyberattacks has spiked significantly, increasing from $3 million per incident in 2018 to $4.6 million in the first half of 2019 alone. These multi-million-dollar breaches are also becoming more frequent. Breaches costing more than $10 million have doubled since 2018, and now stand at 13%.
The four main business impacts that organizations can expect in the aftermath of a cyberattack include customer loss (45%), brand reputation (44%), and revenue loss and operational effects (32% each).
Cyberattacks touch every corner of the organization
These statistics paint a clear picture – cybersecurity goes well beyond the role of the CIO or CISO and now encompasses every division in the organization. From the CMO to general counsel, HR to procurement, cybersecurity is everyone’s business. Indeed, Radware finds that 72% of executives, not just the CISO, report on cybersecurity each time the Board of Directors convenes, and 75% of executives say security is a key component in their marketing strategy.
These statistics provide powerful food for thought. But what does all of this really mean? Put simply, you need a way to quantify the cyber risk facing your own organization and measure the effectiveness of your cybersecurity investments in the face of that risk.
The challenge for many organizations is that they lack visibility into the true nature of risk – both in their own operations and those of their interconnected third-party vendors and supply chains. How do you remediate a risk you can’t see?
Score your organization’s risk
Manual risk assessments can help, but these are time-consuming and only provide a snapshot of security risk. However, with data-driven security ratings you’ll benefit from a proven, automated way to continuously benchmark risk that can be quickly leveraged by anyone in the organization to make educated decisions about mitigating risk.
These easy-to-understand ratings (think of them as the cyber equivalent of a credit score) give your organization a baseline metric of cybersecurity program performance. You can also drill down into the details to pinpoint risk areas, allocate resources and IT investments, establish more meaningful KPIs, and communicate the security posture of your organization (or a third-party partner’s) to executives, your Board, potential clients, and partners.
CISOs have a new role to play
You should also ensure that your CISO has a seat at the executive management table. That person must be able to clearly articulate the business impact of a sound cybersecurity strategy -- or lack thereof.
We hear time and again from CISOs that they’re only called upon when the executive team needs to be informed of a breach or to report on quarterly security measures. But with cybersecurity impacting every part of the organization and increasingly featuring as a line item in Board meetings, it’s critical that the CISO go beyond a reporting role at the table. He or she must find a way to facilitate incorporating security considerations as part of strategic decision making and planning.
What was good enough yesterday is not good enough today
As threats evolve and the costs of cyberattacks skyrocket, traditional approaches to measuring and reducing risk are falling short. Find out how exposed your organization is by requesting your security rating snapshot report.