Boards depend on cybersecurity visibility to ensure their organizations are protected against digital threats. But while it’s tempting to look for solutions that offer cybersecurity insights, having more tools isn’t always better. In fact, research by IBM shows that compared to those with fewer tools, organizations using more than 50 different security solutions ranked 8% lower in their ability to detect cyberattacks and 7% lower in their ability to respond to cyberattacks.
What’s at stake? The 2020 EY Global Information Security Survey shows that while 92% of boards are fully or somewhat involved in cybersecurity direction and strategy, only 20% are extremely confident that their organization will be able to protect itself from a significant cybersecurity attack. Even more worrying, the EY survey also shows that at 59% of organizations, the relationship between cybersecurity and other key business functions is either neutral, mistrustful or nonexistent. Without trust, organizations will be less likely to adopt needed cybersecurity investments.
Consequently, improved cybersecurity visibility will play an essential role in strengthening these relationships and boosting board confidence.
Boards Must Consider These 3 Critical Elements for Complete Cybersecurity Visibility
- Technical visibility: This is where organizations assess both internal vulnerabilities and external threats. The number of connected devices has grown steadily in recent years, and the transition to remote work has only added to the challenge of maintaining network security. In this evolving landscape, with attacks now targeting cloud-based managed service providers, boards may also have concerns about turning business operations over to the cloud. And because organizations remain responsible for keeping their data secure even when it is in the hands of third parties, each additional service provider adds a level of complexity to cybersecurity defenses. Organizations must work with their service providers to ensure the organization retains full visibility.
- Operational visibility: Current research shows that 94% of malware is delivered through email and that phishing attacks make up more than 80% of cybersecurity incidents. Rather than looking for weaknesses in technology, these attacks exploit people: the employees who click on a link in a suspect email, or hand over sensitive information to a hacker. Operational visibility gives insight into how and why people are accessing data, which helps keep the organization compliant and secure. Boards must ensure they receive cybersecurity training and education and that training is also made available to every employee. Failure to do so can have serious consequences: in addition to amplifying the financial impact on the organization (in 2020, compliance failures added more than $250,000 to the average total data breach costs), board directors can also be held personally liable.
- Organizational visibility: Organizational visibility lets boards assess the extent to which a cyberattack could damage the company’s brand, reputation, or intellectual property. Lost business, including increased customer turnover and increased recovery costs due to damaged reputation, consistently represents the largest contributing factor to data breach costs.
For many organizations, the consequences of poor cybersecurity visibility can be catastrophic. And while data breaches at the largest organizations tend to get the most attention, smaller organizations often bear a much greater financial impact: in 2019, the average cost of a data breach for organizations with between 500 and 1000 employees was $3,533 per employee, compared to just $204 per employee for organizations with more than 25,000 employees.
Recommendations for Achieving 24/7 Cybersecurity Visibility
When organizations have the right cybersecurity solutions in place, boards not only gain a better picture of the external threats but also get the insights and understanding that can help foster stronger relationships between key business functions and cybersecurity. This, in turn, plays a critical role in establishing a stronger cybersecurity culture across the entire organization.
The Diligent Boards application uses a clear and straightforward A-F grade scale so that board directors can easily understand, communicate and improve their cybersecurity posture. Ratings from SecurityScorecard effectively highlight cybersecurity vulnerabilities. With instant access to both current cybersecurity vulnerabilities at the micro-level and a high-level cybersecurity risk score, boards can better take the decisive action needed to avoid cyberattacks. You can learn more about how Diligent Board Management Software gives your leadership better visibility in cybersecurity through a demo with our team.