2024HPE Nonstop NewsMarch 2024Uncategorized Cybersecurity in the Boardroom: A Strategic Driver for Growth by comforte March 13, 2024 written by comforte Cybersecurity has struggled for many years to make it onto the boardroom agenda. The perception of it as a purely technology function with limited strategic importance has led many organizations to take a short-term, check-box approach to managing cyber risk. This grossly undervalues the role cyber can and should have. In fact, one 2023 study finds that half (51%) of global business decision makers (BDMs) still consider “it a necessary cost but not a revenue contributor,” while 38% see it as a barrier rather than a business enabler. However, boards that are more engaged in cyber could stand a much better chance of achieving their strategic objectives. Time for engagement Boardroom interest in cybersecurity can vary significantly from business to business. That’s part of the reason why regulators are increasingly stepping in. The SEC’s recently introduced rules are designed to improve transparency and accountability to investors by forcing prompt incident disclosures and mandating boards to describe their oversight of and processes to manage cyber risk. The NIS2 regulation in Europe makes senior managers personally liable for non-compliance, resulting in serious breaches. It gives regulators the potential power to temporarily suspend their role. Even without the presence of such a big regulatory stick, it should be clear to boards that greater engagement with their CISOs makes sense for many reasons. It could help them to: Preserve competitive advantage by protecting sensitive corporate data Bolster growth by mitigating threats that could impact the organization financially and reputationally Drive success by supporting digital transformation initiatives and R&D investment Open the door to new markets by ensuring the organization can comply with local privacy/cybersecurity laws Build trust with prospective and existing customers, partners, and suppliers. A fifth (19%) of global BDMs claim their security posture has already impacted the organization’s ability to win new business Putting the pieces in place So, how should boards plan their cybersecurity governance efforts? A report from the World Economic Forum (WEF) is instructive. It describes six principles for improved oversight of cyber-resilience, which could also help to drive strategic goals. These are: Cybersecurity is a strategic business enabler. Understand the economic drivers and impact of cyber risk. Align cyber-risk management with business needs. Ensure organizational design supports cybersecurity. Incorporate cybersecurity expertise into board governance. Encourage systems resilience and collaboration. This work should begin with board directors increasing their knowledge of cyber risk management. A great place to start would be closer interaction with their CISOs, who should ideally be reporting to the CEO for maximum exposure to the business. The importance of data security Cybersecurity is no simple task. However, one core focus for boards must be on protecting the data itself. Why? Because data is arguably the most precious commodity an organization holds. It’s also key to winning customer trust. According to McKinsey, over half (53%) of consumers specifically look for companies with a reputation for protecting data, rising to 63% of those buying on behalf of organizations. And 46% say they’d consider switching brands when a company’s data practices are unclear. The challenge for modern organizations is that data can be created, stored, and moved across several distributed on-premises and cloud environments. That demands a data-centric security solution designed to continuously discover, classify, and then apply strong protection according to policy – wherever that data exists. Products like comforte’s Data Security Platform offer extra value in protecting data whilst enabling it to continue being used for processing and analytics. Data security should sit at the core of a strategic, board-led approach to cyber. From Apple to banking giant HSBC, the organizations that get this right at the very top are likely to put themselves in the driving seat for long-term growth. Learn how to discover, classify, and protect all sensitive data. Click the button below to download the solution brief for our Data Security Platform: March 13, 2024 0 comment 0 FacebookTwitterPinterestEmail
ArticlesC2 Fall 2022 Why it’s Time to Get Proactive About Security by Thomas Gloerfeld October 16, 2022 by Thomas Gloerfeld October 16, 2022 Of all the business risks facing organizations today, cyber-attacks were recently highlighted by executives as the most serious. That’s a heartening sign that awareness levels at the very top are at least improving. But it’s too soon to get carried away. In fact, separate research reveals that many organizations still treat security as … 0 FacebookTwitterPinterestEmail
ArticlesC2 Winter 2021DataData Security Getting Started with Data-centric Security by Dan Simmons December 6, 2021 by Dan Simmons December 6, 2021 With a proliferation of cyber-attacks throughout the pandemic, data-centric security has been pushed to the forefront of many organizations’ cybersecurity strategy. Even companies with mature security programs are vulnerable to breach, and since data is a valuable asset, it is crucial to properly protect it. The importance of securing … 0 FacebookTwitterPinterestEmail
ArticlesC2 Summer 2021DataSecurity Three Years of GDPR – a Look Back by Thomas Gloerfeld June 15, 2021 by Thomas Gloerfeld June 15, 2021 It might be hard to imagine, but it has been three years since the General Data Protection Regulation (GDPR) was implemented in the European Union (EU) on 25 May 2018. Time certainly does fly by when you are trying to protect data. Nevertheless, the term ‘GDPR’ has set a … 0 FacebookTwitterPinterestEmail
ArticlesC2 Spring 2021DataSecurity ‘New Nacha supplementing data security requirements coming up’ by Thomas Gloerfeld March 23, 2021 by Thomas Gloerfeld March 23, 2021 Nacha is a non-profit organization that convenes hundreds of diverse organizations to enhance and enable electronic payments and financial data exchange within the U.S. and across geographies. Through the development of rules, standards, governance, education, advocacy, and in support of innovation, Nacha’s efforts benefit the providers and users of … 0 FacebookTwitterPinterestEmail
C2 Fall 2020 End-to-End Cloud Data Security: Shouldn’t It Be a No-Brainer? by Trevor J. Morgan & Mark Bower September 22, 2020 by Trevor J. Morgan & Mark Bower September 22, 2020 Hardly a week goes by without news of a high-profile data breach. Sometimes, the damage is quite limited either due to the low market value of the apprehended data, the strength of the data security in place, or even the sloppiness of the threat actor… 0 FacebookTwitterPinterestEmail
C2 Summer 2020 Robust security strategy for your hybrid IT by Thomas Gloerfeld June 23, 2020 by Thomas Gloerfeld June 23, 2020 What Is Hybrid IT? At its most basic level, hybrid IT is a blend of cloud-based and on-premises IT services. When applications and data were all maintained on-premises (or in-house) standardization was a best practise and security was much simpler. Now that the business and IT are realising the … 0 FacebookTwitterPinterestEmail