Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
Cybersecurity incidents are on the rise, and the monetary setbacks for victims are considerable. The average cost of a data breach in the U.S. has soared to nearly $8.6 million, and these costs are expected to grow by 15% over the next five years.
Boards are increasingly looking at cybersecurity as a crucial part of the business. The problem is, the board doesn’t always know what to look for or how cybersecurity impacts the business. What the board really wants to hear in the next report is how you’re generating results for the organization and how those results are creating ROI on the spend. Here are a few cybersecurity questions and a few metrics that the board really wants to hear about in the next report.
One of the more challenging aspects of third-party risk management is effectively communicating risk. Often the risks posed by vendors are highly technical, and it can be tempting to simply put together a slide or list to review with business owners, executives or board members. But this can often create an obstacle to buy-in, as few people have the expertise to understand what these risks mean.
No one should be surprised to learn that IT and cybersecurity jobs can be extremely stressful. Now, a convergence of trends has, in many cases, brought this stress to a breaking point.
Since the creation of the first CISO role about 25 years ago, the job has changed dramatically. What was once an uncommon position has quickly become standard, with the majority of companies including a cybersecurity-specific role in their C-suites.
Today, disruptive risks are an area of focus for corporate directors worldwide. On a global basis, we face disruptions in areas like geopolitical volatility, economic slowdown, emerging technologies, cybersecurity threats, and climate change.
Data breaches are a constant in today’s headlines, but in recent years the risk has been front and center of some of the most significant M&A deals. In 2017, Verizon discounted its acquisition price by $350 million when Yahoo belatedly disclosed that it experienced several massive breaches. And in November 2018, Marriott publicly disclosed that Starwood’s guest reservation database — containing hundreds of millions of personal records — had been compromised since 2014, prior to the Marriott acquisition. These incidents — and countless others — raise critical questions. How should Boards be thinking about cyber risk in the acquisition process? What steps should they take to address this risk prior to the acquisition?
In the months since Bitsight’s inaugural EXCHANGE forum, we have been digesting and processing the incredible sessions and discussions that came about from this forum. It was a great event that brought together security executives from all over to discuss the challenges they face in their roles every day.
In today’s evolving threat landscape, corporate directors are increasingly asking for security performance updates from Chief Information Officers, Chief Information Security Officers, Chief Risk Officers, and other executives.
In today’s evolving threat landscape, corporate directors are increasingly asking for security performance updates from Chief Information Security Officers, Chief Information Officers, Chief Risk Officers, and other executives. I recently sat down with James Lam, director at RiskLens and E*TRADE Financial Corp., to discuss Board members’ responsibility when it comes to information security and cyber risk.
Cybersecurity is a growing topic of discussion in Board meetings everywhere — given this fact, Board members need to be prepared to speak knowledgeably about their organization’s cybersecurity posture and programs. As businesses near the last quarter of the year and begin their planning processes, Boards must also be thinking about how to best prepare for 2019. Here are some factors that Boards must take into consideration:
In today’s landscape, managing your internal security processes as well as creating a third-party vendor risk management program should be top of mind, but prioritizing a solid understanding of the metrics surrounding your cybersecurity programs is almost just as important. These metrics should dive deeper than “yes” or “no” questionnaire answers and should help you gain a more comprehensive understanding of where you and your third parties fall when it comes to proactively mitigating cyber risk.
In today’s evolving cyber risk landscape, Boards of Directors are becoming increasingly concerned about their company’s security performance. In fact, the NACD has found that 89% of public companies and 72% of private companies regularly discuss security at Board meetings. While they are asking for updates on enterprise cybersecurity posture more often, they do not necessarily have the expertise or experience to know what to ask for — or how to interpret the technical information presented to them.
As a member of your company’s board, you know that cybersecurity is a critical risk that simply cannot be ignored, and that should be reported on regularly by the appropriate executives. According to the 2017 NACD Director’s Handbook on Cyber-Risk Oversight, 89 percent of public-company directors say cybersecurity is discussed regularly in board meetings, and 72 percent of private-company directors say the same. Most companies are clearly moving in the right direction.
Cybersecurity is a growing topic of discussion in Board meetings everywhere, and more and more security professionals are being asked to present on it in high-level meetings. Company leadership is busy, so it’s your responsibility to present a case to them that’s ready for review. We reached out to some security executives and CIOs and asked them for tips on what common mistakes to avoid when presenting your case to executives or the Board.