Thoughts on Corporate Risk and How Companies are Handling the Challenge
Single Sign-On: Key Element in Remote Cyber Auditing
As digital transformation enabled banks and other financial services firms to offer customer-facing services via the Internet, managing cyber risk effectively became essential. As remote auditing becomes the norm, employing Single Sign-on is becoming critical. Single...
CEOs: Maintain Cyber Resilience While Dealing with COVID-19
What is the relationship between the coronavirus outbreak and cybersecurity? Both require conscious CEO leadership.
Dozens of Texas Cities Suffer Ransomware Hack
Another day, another cyber attack — success for the hackers and another failure by city governments to have adequate protection.
Lawsuit Pins Customer Data Security Responsibility on CapitalOne
When will corporate America and their executives take a serious look at their culpability and liability in data breaches?
Massive Cyberattack Significantly Impacts Credit Risk Ratings for Equifax
For the first time ever, a major credit risk agency slashed a company’s credit rating due to a cyber breach. How can credit risk agencies improve their ability to assess cyber risk?
RIMS2019 Boston: 3 Challenges We Face Today
How Risk Managers Can Manage Cyber Risk
Cybersecurity Breaches Pose Significant Risk to Reputation: A Simple Solution to Ensure Client Trust
Despite being a cybersecurity expert, insurer Hiscox Ltd. experienced a data breach. Could Hiscox have prevented this damaging blow to its reputation?
2019 – Make it the Year for Cyber Resilience
Some organizations handled it well, and others had trouble meeting cyber resilience goals. In 2019, make it the year for cyber resilience success.
Cyber Security Reaches Tipping Point (or Critical Mass)
Investment into Business Cyber Security Is Critical for Survival ONE TRILLION DOLLARS. That number should grab the attention of every CEO in America. The breach by Marriott Hotels pushes their potential financial liability to surpass a trillion dollars. The breach...
A Comprehensive Assessment of FFIEC CAT and NIST CSF
What are the differences between cyber assessments from FFIEC and NIST? Can information from one assessment help with the other?
Cyber Risk Success – Best Bet through an Integrated Risk Management Strategy
Recent studies exposed a massive misalignment between security spending and the actual cause of cyber breaches. Two-thirds of breaches are caused by someone either doing what they shouldn’t or failing to do what they should, yet three-fourths of security spending is on information technology solutions.
Getting Serious About Cyber Risk? The SEC Fails on Several Levels
"I don't know that much about cyber, but I do think that's the number one problem with mankind." Warren Buffett, 2017 Last fall, the new owner of Yahoo’s web business, Verizon, shared that forensic experts had discovered that all 3 billion of Yahoo’s user...
How Conduct Risk and Cyber Risk are Related
Conduct risk management began gaining traction in the financial services industry as a way to minimize the probability of another financial meltdown. The Equifax cyber meltdown exposed the close connection between managing conduct risk and cyber risk.
Equifax 2.0: Massive Aftershocks Result from Breach
In a recent Westlaw Journal article, I shared my conviction that the effects from the massive Equifax breach are only beginning to be felt. I believe this breach will have far reaching effects and perhaps change cyber law forever.
Transition from Technology to Governance – A CISO Strategy for Success
The strong technical background most CISOs bring to their position is a powerful asset, yet it can limit career growth if they fail to transition their perspective from technology to governance.
NY DFS Deadline is Looming. You CAN Speed Up Compliance
Pressure builds as the NY DFS cyber regulation deadline of February 15th approaches. Automation can accelerate meeting the requirements.
Six Cybergovernance Trends to Watch in 2018
Here are six reasons why we think cybergovernance is something to watch for in 2018.
Tipping Point for Cyber Risk Governance – 2017 was the Year!
Cybersecurity governance moved up during 2017 as the #1 concern of corporate directors.
International Fraud: How aware are we really?
Why aren’t business leaders making cyber risk management a higher priority?
How Cyber Aware Is Your Company?
Explore Workplace Issues, Predictions for Tomorrow, Careers and Protecting Infrastructure
Equifax: They Shoot CISOs – Don’t They?
How could the company think firing a couple of people is even the first step to solving the problem?
The New Moral Imperative: Manage Cyber Risk
A deep moat and double walls don’t make up for internal fire protection!
Equifax breach confirms need for NIST cybersecurity measures
The massive Equifax breach has dramatically elevated the national cybersecurity conversation.
The Cybersecurity EO Deadline Has Passed. What can Agencies Do To Quickly Meet the Mandates?
Over the past two years, we’ve seen a step-by-step evolution toward a cyber version of Sarbanes-Oxley.
What the Private Sector Should Know About the Cybersecurity Executive Order & Its August Deadline
What does the government’s movement toward greater coordinated cyber defense mean for those of us in the private arena?
How to Get Serious About Building National Cyber Resilience
Based on experience to date, we continue to be locked in a cyber arms race with those who attack and those who protect, and the bad guys continue to win the race.
The Government Has Invested in Incentives to Protect Your Organization From Cyber Terror—Are You Taking Advantage?
With new headlines almost every day on cyberattacks increasing in frequency and scope, when will the government be concerned enough to take real action?
SXSW 2018: Vote to Bring Cyber Defense to the Conversation
SXSW Interactive’s 2018 PanelPicker process is in full swing, and we’re excited to announce two panels featuring our own Mike Shultz.
$450B is Serious Money! When Will We Get Serious about Cyber Risk?
Lloyd’s of London says cyberattacks caused an estimated $450B in worldwide business losses during 2016. How much cyber risk must we take on before taking concerted action to control it?
CEO: If You Want to Control Cyber Risk, Don’t Shoot the CISO
“…while 65% of C-suite executives are highly confident their cybersecurity plans are well established, only 17% are actually ‘cybersecured’ – demonstrating the highest degree of preparation.” - "Securing the C-Suite," IBM. How can CEOs and CISOs work...
No Chinks in the Armor: How to Vet Your Next Partnership for Cybersecurity
As cyberattacks continue to surge, we’re focused on strategies to prevent those attacks. Third parties are a common denominator the majority of the time.
The United States of (a Protected) America
What States Are Up to In Cybersecurity
Cybersecurity Executive Order Reaches Halfway Mark to Deadline. Are You Ready?
The midway point to the cybersecurity executive order deadline passed last week. If an agency is behind schedule, how can they catch up?
Telling Sign of the Times
Many analysts have been predicting a widespread global attack, and this incident set a new bar. It has become abundantly clear that no one is immune from attack.
June 28: National Cyber Insurance Awareness Day?
June 28 is National Insurance Awareness Day. With growing concern about how best to manage cyber risk, maybe we should give it an honorary designation this year.
Arming Your Organization for Cyber Risk Governance: Cyber Training Your Workforce, Top to Bottom
The eventual realization that cyber risk is another substantial form of corporate risk has changed how organizations address it. It’s now obvious that CISOs need help from all corners of an organization, including from executive management as well as rank-and-file employees.
90 Days Since New York’s DFS Regulations: Where Are We Now?
New York Department of Financial Services (DFS) issued proposed regulations on September 13, 2016 - applies to any entity that (1) obtains an individual's financial information in connection with a financial transaction or product, personal health information, or...
Risk Culture Touches Everything — Even Vulnerability Management
The aftermath of a cyber breach always involves a technical discussion around the specific failures that gave rise to the incident. This discussion can be difficult for non-technical leaders to engage in, which is frustrating given those same leaders are being held...
Can Agencies Meet the Cybersecurity of Federal Networks Executive Order On Time?
Federal agencies are now required to report on agency-wide risk mitigation and management using the NIST Cybersecurity Framework—within 90 days. Here’s how to make that happen.
Cyber Risk Governance Tackles Root Causes, Not Symptoms
According to the Department of Homeland Security, as many as 85% of targeted cyberattacks are preventable through basic risk-mitigation measures.
A Clear Picture of the Data Needs of Cyber Insurance Actuaries
The cyber insurance market has come to an inflection point.
Netflix: Cyber Extortion is the New Black
Cyber extortion exposes the lax cyber risk governance in place at media companies. What are the key issues their boards should focus on?
No Evidence Linking Power Outages in San Francisco, New York, and LA. But it is kind of weird.
“The specter of more significant cyber risk looming, and we should move toward greater cyber resilience on a national scale.” Although authorities have at least initially said no connection exists between power outages in three of the country’s largest cities on the...
We’ve Been in the News
While we avoid promotion in this blog, Cybernance has had significant coverage lately, including a Forbes interview, that is worth sharing with this audience.
What Boards Need to Know About Cyber
Board cyber literacy is crucial for effective risk oversight.
Yahoo, Russians, the SAFETY Act, and Cyber Risk Governance
The recent disclosure that Russian spies perpetrated the Yahoo hack is the latest chapter in the largest breach ever, and it points to new ways, like the SAFETY ACT, that can lessen liability for failures in managing cyber risk.
Cyber Risk Governance: Bridging the gap between institutional shareholders, governance, risk, cybersecurity and legal experts
Important Information about a Conference and White Paper
The 21st Century Approach to Managing Cyber Risk
Cyber Risk Governance recently emerged as a distinct discipline. How can we take a 21st century approach to implementing controls that enable boards to actively engage in overseeing cyber risk?
Cyber Risk Governance is a Unique Discipline
The term “Cyber Risk Governance” is being used frequently. What is a good definition, and how does it differ from GRC? Two years ago when we began building Cybernance, our strategy was based upon three views not widely held at the time: Cybersecurity is not just a...
Achieving National Cyber Resilience
How do we as a nation enhance our cybersecurity posture to increase our resilience against cyberattacks targeting the homeland? As the new administration forms, cybersecurity is one of its top national policy issues. Several days ago, Rudy Giuliani was tasked with (1)...
Warner-McCaul Cyber Act Becomes Law
Cybersecurity legislation is coming sooner than you think. WASHINGTON – The Senate and the House of Representatives approved the Warner-McCaul Cyber Act of 2017 Tuesday, with overwhelming bipartisan majorities in both houses. The bill creates the first coordinated...
Manage Cyber Risk Like Yahoo? No!
Companies addressing cyber risk have one of four options: accept it, avoid it, mitigate it, or transfer it.
A National Cyber Immune System Begins with Shared Knowledge
The underpinnings of an information sharing program are taking shape all around us.
Private Equity Firms Need Cyber Due Diligence
Verizon’s pending acquisition of Yahoo highlights a substantial risk faced by all private equity firms: how much cyber risk will the next transaction add to their portfolio?
Cybergovernance: 3 Initiatives for the First 100 Days
A new administration’s priorities are often set within its first 100 days. What should the new administration do to help the country achieve greater levels of cyber maturity and risk mitigation?
Advisen Cyber Risk Conference: Trends and Observations
Cyber Risk Insights, a conference focused on the cyber insurance market, marked our first adventure in co-sponsoring an industry event.
How Will Cyber Risk Evolve D&O?
Prudent board candidates have long demanded that directors’ and officers’ insurance be in place before accepting a board seat, and now D&O coverage is the default.
The Billion Dollar NIST Assessment
The billion-dollar Yahoo hack vividly shows why cyber risk mitigation must start from the top down and why board members should insist on getting the actionable information they need.
The Growing Mandate for Cyber Maturity Development
Widespread reporting and improvement of cyber defensive measures at thousands of organizations will eventually be mandated, similar to Sarbanes-Oxley.
To FICO or Not to FICO: Choosing the Right Model for Cyber Assessment
Several companies offer unique versions of a “FICO-like” score to measure cyber risk, but is a FICO score the right model to emulate?
Six Ways Directors Can Move Organizations to Cyber Maturity
Highlighting cyber risks to corporate boards reveals the pivotal role directors can play in moving an organization to cyber maturity.
FFIEC SaaS Assessment Saves Time
I’ve been meaning to write about automating FFIEC’s Cyber Assessment Tool. Now that we’re launching support for it, it’s time to talk about it.
Insurers Will Drive Stronger Cyber Resilience
A recent article written by Greg Otto at Black Hat is the first indication of the industry attitude shift that we bet the formation of Cybernance on 18 months ago.
Nowhere to Run, No Place to Hide
The psychological need to be perceived as competent and avoid embarrassment is universal, but when it blocks achievement of higher cyber resilience, it can’t be allowed to drive organizational behavior.
3 Ways to Cybernance Your Enterprise
What does it actually mean to manage and oversee cyber risk using a comprehensive cybergovernance framework?
Operational Excellence Through Cyber Risk Governance
Continuously monitoring and enhancing the cybersecurity infrastructure that supports online services will improve operational excellence.
Let’s Declare Cyber Independence Day!
Like locusts, hackers move from one organization to the next, and everyone is in imminent danger. While great individual weapons (technologies) have been created, no one is leading a charge to nuke them!
Who’ll Be the Gap Closer in Cyber Insurance?
A common model and vocabulary can close the chasm between the cybersecurity and cyber insurance communities, but who’s in the best position to bring all the stakeholders together?
Cyber Risk Market Heading Toward Adolescence
The quality of the recipients of this past week’s 2016 Advisen Cyber Risk awards highlights that, while the cyber risk market is not fully mature, it is moving toward adolescence. On June 15, Advisen announced the winners of the 2016 Cyber Risk Awards. Lockton’s Ben...
The Opportunity Inherent in Cyber Risk
Cyber risk represents not just a threat, but an opportunity. The upside will materialize in two ways: competitive advantage and operational efficiency.
Underwriting Cyber Insurance: The 3 P’s of Cyber Risk
Imagine that you’re responsible for underwriting the risk posed by prospective cyber insurance customers. How would you go about it? The Challenge The interest in cyber insurance is growing rapidly as the impact and frequency of highly publicized cyber breaches...
Are We Heading for a Cyber Sarbanes-Oxley?
“We are facing a crisis of confidence that is eroding the public's trust in our markets, and poses a real threat to our economic health... The strain on the economy is deep and spreading.” If you regularly track emerging stories about the effect that cybersecurity...
Which Approach to Cyber Risk Oversight is Best – Google, or 23andMe?
How do you measure how well your organization handles cyber risk? How healthy is your organization’s approach to cybersecurity governance?
What Boards Need to Govern Cyber Risk: A Conversation with Ralph Hasson
In a recent conversation, Cybernance EVP of Corporate Development Ralph Hasson identified 5 common needs for effective governance of cyber risk.
Ignoring Board Liability for Cyber Risk is Unwise
Rather than passively rely on D&O insurance to protect them from cyber risk liability, astute directors take an active hand in cybersecurity.
3 Trends: Taking a Deliberate Approach to Cyber Risk Mitigation
Three trends in compliance and information governance suggest that directors and management adopt a more deliberate approach to cyber risk mitigation.
Told You So! The Impact of Cyber Risk on D&O Insurance
Early in 2015, we started predicting “carveouts” of cyber risk from D&O insurance policies, and that coverage after a breach would commonly be contested. Directors’ and officers’ (“D&O”) insurance is a small but high profile segment of the property and...
What’s the Half-Life of Cyber Risk Compliance?
To understand the value of your organization’s cyber risk assessment, it’s important to understand how long it will remain accurate.
Who Owns Cybersecurity in Your Organization?
Choosing the right standards to follow is important, as is establishing a cyber risk platform that enables communication among all key stakeholders. But most important is placing ownership where it belongs.
Fixing America’s Failing Cybersecurity
A shortage of cybersecurity know-how is a genuine problem – if we don’t apply what we know, it won’t matter how many computer science graduates we produce.
Increasing Board Engagement with Cyber Risk
The need for board engagement in cybersecurity is universally understood, but simplifying it will require cooperation from all sectors.
The Size and Shape of Cyber Risk – Part 2
Wherein we discuss the relationship between risk pricing and risk appetite and how both introduce a flawed assumption in defining cyber risk.
The Size and Shape of Cyber Risk – Part 1
Cyber risk has no obvious shape or size, making it exceedingly difficult to build actuarial models that present a depiction of expected outcomes.
Secure? Says Who?
If you’re a board member concerned about cyber risk, you regularly ask “how secure are we from a cyber breach?” Is the answer delivered in technology metrics or a measurement of business risk?
Cyber Defense in Depth
A military concept called “Defense in Depth” offers a compelling way to think about cybersecurity.
Is the Government Using Its Own Cybergovernance Standards?
The recent announcement of another IRS cyber breach raises this question: are agencies embracing and applying government cybersecurity standards?
6 Concepts That Help Boards Oversee Cybersecurity
Starting the company sprang from a belief that we had to make it possible for the board of directors to engage in cyber risk oversight, while protecting them from personal liability.
Threat Intelligence, Meet Defense Intelligence
Current threat-based models of reducing cyber risk are unsustainable. The smarter way to enact cybersecurity is through a risk-based model.
2016 Is The Year of Cybergovernance: How Directors Can Protect Themselves and Their Companies
The SEC, FTC, and the courts have made it clear that cybersecurity is a board responsibility. Why aren’t more boards protecting themselves?
Redefining the Cybersecurity Attack Surface Part 3: Managing Complexity
This is the last part of a 3-piece series on the concept of “attack surface”. Part 1 argued that an organization’s exposure to cyber risk – traditionally calculated as a tally of the technologies that house and traffic data – also includes the people who touch all...
Redefining the Cybersecurity Attack Surface Part 2: Risk & Liability
How does one define the “attack surface” of the risks and liabilities faced by boards of directors; an area that is often abstract, intangible and large?
Redefining The Cybersecurity Attack Surface, Part 1
When discussing an organization’s security posture, “attack surface” is the common term used to describe the aggregate vulnerabilities that the firm exhibits. But prevailing wisdom of what that means could lead to a false sense of security.
A Universal Model for Assessing Cyber Risk Part 4: Toward a Universal Cybergovernance Model
A foundational model is needed upon which industry-specific requirements can be layered.
A Universal Model for Assessing Cyber Risk Part 3: Obstacles to Effective Regulation
How technology alone is inadequate to address the cybersecurity challenges we face.
A Universal Model for Assessing Cyber Risk Part 2: Following the Path of Financial Governance
In which the rise of cybergovernance (cybersecurity governance) is contrasted with the history of financial governance following the passage of the Sarbanes-Oxley Act.
A Universal Model for Assessing Cyber Risk Part 1: More Than a Technology Problem
The growing realization that cybersecurity is not exclusively an IT problem has elevated responsibility for improving organizational cyberattack readiness to the board of directors.
Global Directors Are Focused on Cybergovernance
Global network of directors offers guiding principles for cybersecurity oversight.
Mapping Cybersecurity: Discover Hidden Structures in Your Org Chart
Cyber risk originates in many disparate branches of the org chart. Cybersecurity responsibilities should be mapped accordingly.
Cybergovernance: Are More Experts the Answer?
A recent Los Angeles Times story described how one company chose to enhance corporate governance of cyber risk (cybergovernance) by adding a cybersecurity expert to their board. Is this a path that other companies should emulate? Parsons Corporation is a...
Needed: A Shared Cybergovernance Model
My own theory is that we are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy. More and more major businesses and industries are being run on software and delivered...
Dual Axis of Threat Awareness
Introduction Keeping up with today’s torrent of cybersecurity breach information is a daunting task. The topic – and the alarms it rings – is deeply complex and moves at a blistering pace. If security doesn’t show up in their job description, an employee is likely to...
The Big Assumption
I’d like to conduct a quick thought experiment. Before you continue reading, pause for a moment and conjure up an image of the person you think is most likely to be in charge of cybersecurity in any given modern-day company. What is the person’s title? What is the...
Cybergovernance Journal – 11/11/19
October was the 16th annual National Cybersecurity Awareness Month (NCSAM). Read about the results of the first statewide cyber benchmark conducted for the banking industry.
Corporate Law & Governance Update: February 2019
There is a notable increase in governance discourse on the relationship of corporate purpose to sustainable revenue growth, in the context of changing social and political structures.
Cybergovernance Journal – 6/2/18
As we mentioned last month, managing conduct risk can improve attitudes about safe handling of customer data from the executive team down, and it encourages responsible initiatives that increase cyber resilience.
Cybergovernance Journal Update – 4/28/17
Just because insurance companies are gearing up to provide better cyber risk insurance, it is still not the best excuse to be lax in cybersecurity practices.
Cybergovernance Journal Update – 4/21/17
Addressing cybersecurity effectively may seem like an undue burden and waste of institutional resources — until you are hit with a breach.
Cybergovernance Journal Update – 4/14/17
Relying solely on your IT department to handle cyber risk governance is asking for financial, legal, and institutional trouble when there is a breach.
Cybergovernance Journal Update – 4/7/17
You can give your IT department all the toys in the world, but that won’t solve your cybersecurity problems or comprehensively reduce your company’s cyber risk.
Cybergovernance Journal Update – 3/31/17
How transparent should your cybersecurity strategy be? Should cyber risk reduction be left in the hands of a few security experts or should it be an organization-wide effort to protect the company?
Cybergovernance Journal Update – 3/24/17
With the NIST framework used to measure federal agencies’ and departments’ cybersecurity resilience, is it time for private institutions to gauge their own cyber defenses by the same or similar standards?
Cybergovernance Journal Update – 3/17/17
Not all cybersecurity frameworks are equal. While some companies recognize they need to utilize the most comprehensive plans, others will only implement the bare minimum, putting other institutions at risk.
Cybergovernance Journal Update – 3/10/17
On March 16, we will speak and lead a panel at a Skytop Strategies conference on Cyber Risk Governance. Friends of Cybergovernance Journal who want to attend can get a 30% discount. We hope to see you there!
Cybergovernance Journal Update – 3/3/17
With the U.S. Government aiming to require agency compliance with the NIST Cyber Security framework, is making it part of a national cybersecurity regulatory plan that far off?
Cybergovernance Journal Update – 2/24/17
With the average cost of a cyber breach being $4 million (in addition to loss of future revenue and customers), what more motivation do board members need to take cyber risk seriously?
Cybergovernance Journal Update – 2/17/17
In the ever-changing world of cyber risk management, companies and organizations struggle for a way to get best available intelligence to their executive boards.
Cybergovernance Journal Update – 2/10/17
The monthly Cybergovernance Digest – check it out and sign up! Human hacking is one of the easiest ways for agents to create a breach, especially if company culture is not improved alongside technological cyber risk measures. LinkedIn Pulse, Feb. 8 The psychological...
Cybergovernance Journal Update – 2/3/17
So you’ve finally committed your organization to a solid cybersecurity plan. How do you plan to monitor progress and find weaknesses?
Cybergovernance Journal Update – 1/27/17
The monthly Cybergovernance Digest – check it out and sign up! The worst way to deal with cybersecurity is to ignore the cyber risk your organization exposes itself to and then cover up evidence of the inevitable breach(es). Cybergovernance Journal, Jan. 23 The term...
Cybergovernance Journal Update – 1/20/17
The monthly Cybergovernance Digest – check it out and sign up! Spooked by data breaches and the bad press that accompanies them? It's never too late to obtain a cybersecurity audit and cultivate cyber risk mitigation habits. Cybergovernance Journal, Jan. 16 How do we...
Cybergovernance Journal Update – 1/13/17
The monthly Cybergovernance Digest – check it out and sign up! Cybersecurity vulnerabilities don't just happen at the institutional level, but across interconnected and interdependent systems. A commonly adopted and widely accepted framework could lessen those shared...
Cybergovernance Journal Update – 1/6/17
The monthly Cybergovernance Digest – check it out and sign up! Government action on cybersecurity will be a hot topic this year as many nations focus on systems vulnerable to cyber attack with little in the way of defined policy to counteract it. Cybergovernance...
Cybergovernance Journal Update – 12/30/16
The monthly Cybergovernance Digest – check it out and sign up! While some strides in cybersecurity mitigation have been made in the past year, organizations as a whole still have much to do to keep threat actors at bay. Cyberscoop, Dec. 28 It’s that familiar season...
Cybergovernance Journal Update – 12/23/16
Because there is no end point to establishing permanent cybersecurity, it is important to foster an organizational structure that is resilient, aware, and nimble.
Cybergovernance Journal Update – 12/16/16
A security breach can not only impact customer data, trade secrets or national security, it can also affect your company’s sale price.
Cybergovernance Journal Update – 12/9/16
Good cybersecurity planning can not only prevent an embarrassing, and costly, consumer data breach, but secure your intellectual property from theft.
Cybergovernance Journal Update – 12/2/16
As comprehensive cybersecurity practices become better defined we find that the scope has moved beyond organizations to encompass an internet of things; from refrigerators to pacemakers.
Cybergovernance Journal Update – 11/18/16
A strong cyber risk monitoring framework not only protects your organization from attack, but also augments your existing business strategy.
Cybergovernance Journal Update – 11/11/16
With a new incoming administration in the United States comes the possibility of a new direction and focus for government regarding cybersecurity.
Cybergovernance Journal Update – 11/4/16
As cybersecurity of digital infrastructure becomes increasingly vital, spreading risk around continues to be slowed by an ever-changing cyber threat landscape.
Cybergovernance Journal Update – 10/28/16
The insurance industry moving into the cybersecurity arena means the reduction of risk has to become more of a science than art.
Cybergovernance Journal Update – 10/21/16
A large problem in managing cyber risk is creating, and perpetuating, a culture within an organization that is security-aware.
Cybergovernance Journal Update – 10/14/16
Government bodies are working to ensure organizations build solid cybersecurity plans, which requires a board of directors who are committed to implementing them, which requires a cyber risk team that can provide actionable intelligence.
Cybergovernance Journal Update – 10/7/16
“Inconvenience,” hopelessness, or outright ignorance is not a valid basis for cybersecurity strategy — especially when expert help is readily available.
Cybergovernance Journal Update – 9/30/16
As cybersecurity increasingly becomes a matter of national security, governments at the national and state levels vie to find regulatory solutions.
Cybergovernance Journal Update – 9/23/16
“Based on Gartner, NIST says 30% of U.S. organizations used the framework in 2015, and it expects usage to grow to 50% by 2020”
Cybergovernance Journal Update – 9/16/16
With multiple risk assessment frameworks available it’s time to evaluate which plans provide the greatest benefits, and which give a false sense of security.
Cybergovernance Journal Update – 9/9/16
Cybersecurity isn’t just protecting your technological infrastructure, but creating an organizational culture resistant to human hacking.
Cybergovernance Journal Update – 9/2/16
As the cybersecurity market matures and grows, some organizations are refining their policies while far too many are still lacking any policy at all.
Cybergovernance Journal Update – 8/26/16
Lax cybersecurity practices are increasingly becoming more of a liability for companies. Rather than being forced to by law or threat of legal action by stockholders and customers, a proactive company can get ahead of the coming regulatory curve. Cybergovernance...
Cybergovernance Journal Update – 8/19/16
Keeping up with every external threat to your organization can be a Sisyphean task. Ensuring your company’s cyber resilience by focusing on internal practices in addition to physical infrastructure is achievable.
Cybergovernance Journal Update – 8/12/16
If organizations are hesitant or, worse, resistant to shoring up their cybersecurity practices, their insurance company and public shame may force them to.
Cybergovernance Journal Update – 8/5/16
With signs of a “cyber jihad” coming because of a mature hacking marketplace, organizations need to do more than rely on automated systems to protect themselves.
Cybergovernance Journal Update – 7/29/16
One of the problems of cybersecurity is that an assessment is a snapshot within a rapidly changing environment. This makes choosing a solid, reputable method of assessment for your organization all the more important.
Cybergovernance Journal Update – 7/22/16
Many companies still view cybersecurity as an IT-only problem. However, those who implement it with a holistic, institution-wide plan also reap the benefits of increased operational excellence.
Cybergovernance Journal Update – 7/15/2016
It’s not recommended, when you are hit by hackers, that you cover it up to avoid liability. It’s better to have a comprehensive, holistic cybersecurity plan that is more than software plus the IT department.
Cybergovernance Journal Update – 7/8/2016
At the federal and state levels, the U.S. government is making several moves to assist cybersecurity best practices: establishing a federal CISO, ongoing cyber dialogs with China and increasing use of private, secure cloud networks for state business. Cybernance...
Cybergovernance Journal Update – 7/1/2016
There is growing acceptance that cyber risk is a part of doing business. But how can a company or organization accurately gauge an acceptable level of risk?
Cybergovernance Journal Update – 6/17/2016
The quantification of cyber risk is a hot topic as companies and organizations seek to insure themselves against security breaches.
Cybergovernance Journal Update – 6/10/16
One of the more common cyber attacks, phishing, is on the rise and many times it is coupled with ransomware. This is one of many reasons that, by 2020, most digital businesses will be affected by major service failures.
Cybergovernance Journal Update – 6/3/2016
The $18M bank heist in Bangladesh is a case study in the result of not having a comprehensive cybersecurity plan in place. But which plan is best? NIST? The developing European approach? LinkedIn Pulse, May 31, 2016 The NIST Cybersecurity Framework has won universal...
Cybergovernance Journal Update – 5/27/2016
The vast majority of companies continue to be unprepared for cyber breaches, but will the passage of a “Sarbanes-Oxley” bill for cybersecurity provide the guidance and motivation to get them secure?
Cybergovernance Journal Update – 5/20/2016
From a mixed Obama legacy on cybersecurity to institutional standards implementation to declaring cyber warfare, the US government is struggling to deal with cyber risk.
Cybergovernance Journal Update – 5/13/2016
Cybersecurity leadership from an organization’s board is necessary to combat rising cyber risks like ransomware.
Cybersecurity Governance News – 5/6/2016
Being prepared and following best cybersecurity practices is the first step in preventing your data being stolen and sold on the dark web. SC Magazine, May 4 Hold Security said the batch came from a “Russian kid” that one of its analysts found who had gathered 1.17...
Cybergovernance Journal Update – 4/29/2016
Unprepared executives, losing sleep from cybersecurity issues, some not being able to read a cybersecurity report, are a cyber risk, not only to their careers but to their organizations.
Cybergovernance Journal Update – 4/22/2016
One of the best markers that cybersecurity is rising in importance is looking at how the insurance industry is reacting to cyber risk. Another is to observe how national governments are reacting, or failing to act.
Cybergovernance Journal Update – 4/15/2016
The price of reducing cyber risk is constant vigilance. It is not a duty reserved for the IT department or a few executives, but an organization-wide effort of compliance and training.
Cybersecurity Governance News – 4/8/2016
Cybergovernance is slowly maturing with the refinement of the NIST framework, strategies to fill security positions and increasing awareness that the entire organization is responsible for cybersecurity.
Cybersecurity Governance News – 4/1/2016
Cybersecurity awareness continues to rise, and with it the realization that the business world is far behind. Shortages in security talent have driven salaries up and boardroom governance is still below where it needs to be.
Cybersecurity Governance News – 3/25/16
Mounting cyber risks are reaching the point where they adversely affect insurance ratings. The entire organization must be involved in preventing breaches.
Cybersecurity Governance News – 3/18/16
While a new crop of MBAs specializing in cyber security analytics are being trained, current executives still need to protect themselves and their companies. Basic cybersecurity practices are easy to implement, but comprehensive implementation requires a challenging amount of organizational discipline.
Cybersecurity Governance News – 3/11/16
Personal and corporate liability for breaches is a hot topic and action is being taken by the financial industry.
Cybersecurity Governance News – 3/4/16
The technological elements of cybersecurity remain the easiest to regulate and build. The human elements, on the other hand, require changes that many companies are too slow in adopting.
Cybersecurity Governance News – 2/26/16
Ensuring cybersecurity is relevant and important to everyone in your organization, not just the IT department, is a challenge.
Cybersecurity Governance News – 2/19/16
Turning cybersecurity theory into practice is a challenge in the government and business spheres. The real-world consequences of overconfidence in partially implemented plans can lead to ransomware demands and data breaches, putting CEOs and boards at risk of litigation.
Cybergovernance Journal Update – 2/11/2016
The NIST Framework is gaining traction in government circles, but companies are still falling short of comprehensive solutions, instead relying on periodic risk assessments or throwing more experts at the problem. Financial Times, Feb. 11 Mr. Weil says companies need to...
Cybergovernance Journal Update – 2/5/2016
Regulations, periodic assessments and theoretical models can only lead the way to a partial, but not comprehensive, cybersecurity solution. This is especially true when it comes to making cybergovernance accessible to executives — until now.
Cybergovernance Journal Update – 1/29/2016
As security breaches, especially from state actors like China, increase risk, technological, legislative and framework strategies are evolving to counter them.
Cybergovernance Journal Update – 1/22/2016
While state actors plot further government and corporate breaches, strategies are being further refined to deal with them. Cybersecurity responses are moving from ineffective single-point plans to comprehensive structural risk responses.
Cybergovernance Journal Update – 1/15/2016
Companies and government entities started the year by better defining cybersecurity and how to protect themselves from cyber attack.
Cybergovernance Journal Update – 1/8/2016
The holidays were, once again, an unhappy time for corporate cybersecurity. 2015 also saw most organizations lacking comprehensive cybersecurity.
Cybergovernance Journal Update – 12/18/2015
Latest news and opinion on cybersecurity governance from Cybergovernance Journal
Cybergovernance Journal Update – 12/11/2015
More companies around the world are coming to realize how vulnerable they are to cyber attack. Recent articles discussed legislation aimed at ensuring cybersecurity standards are met, vulnerabilities to national infrastructure and to businesses, and how cyber affairs...
Cybergovernance Journal Update – 12/4/2015
Cybergovernance is a hot boardroom topic – globally! The consensus is that success in mitigating cyber risk must involve an increased level of understanding by executives and board members, and increased education and awareness throughout the organization.
Cybergovernance Journal Update – 11/27/2015
As more breaches happen and shareholder lawsuits follow, discovering how your organization as a whole, not just the technology team, deals with cybersecurity grows in importance. Directors must also understand how data must be handled in order to combat global espionage that is growing with the rise of global workforces.
Cybergovernance Journal Update – 11/20/2015
The visibility of cybersecurity breaches as a source of corporate risk continues to grow. Recent articles discussed adding cybergovernance experts to boards, regulation in the financial services and healthcare industries, and worldwide concern for better security and...
Cybergovernance Journal Update – 11/13/2015
Members of the U.S. futures market will soon be measured against heightened cybersecurity standards geared towards enhancing incident preparation, prevention, and response among industry participants regulated by the National Futures Association (NFA).