Cyber measures only effective with board-level approval, says expert

Jake Olcott, VP Government Affairs at BitSight

The only truly effective cybersecurity strategy is one with board-level approval, a security services executive has said.
The comments of Jake Olcott, VP Government Affairs at BitSight, come after revelations in the UK Government’s Cyber Governance Health Check indicating that less than a fifth of boards have a comprehensive understanding of the impact of cyber attacks.
“Too many organisations leave cyber risk management to IT or IT security professionals,” said Olcott, who has served as legal advisor to the Senate Commerce Committee, and as counsel to the House of Representatives Homeland Security Committee in the US. “This approach can result in poor prioritisation, misplaced resources, and other failures. Organisations with executive and board support for cyber risk management are more likely to be successful in reducing risk.”
Olcott identified crucial cyber risk management steps that companies should take to mitigate the risk of a cyber-attack, including examining the cyber incidents that could have a major reputational and economic impact on the organisation, running a security incident exercise, and making sure that the Board is brought up to speed on the effectiveness of cybersecurity programmes.
“To mitigate cyber risk on day-to-day basis, organisations must constantly monitor their diligence at implementing security best practices, and user behaviour,” he added. “It is also important that organisations know their industry’s security performance standards and perform peer and sector-wide security benchmarking. Traditional approaches to cyber assessment – like point-in-time security audits and compliance reviews – provide only limited internal security performance analysis with no insight into industry-wide standards for a comprehensive, real-time comparative assessment.”

Related IBS Intelligence Research

Related Posts