Page 25 - Financial Management_2022
The global COVID-19 pandemic has exponentially increased the number of cyberattacks on companies, countries, and individuals — in part because of widespread government spending programmes applied for and administered online. A 2021 global threat report by cybersecurity firm CrowdStrike found intrusions involving hands-on keyboard techniques increased fourfold during the prior two-year period.

In a world of increasingly linked organisations, each target is a risk to others, and the financial damage wrought by these attacks can be significant. Attacks on companies can compromise critical national infrastructure, and attacks on individuals can open back doors into companies already stretched to the limit. As the harried world works from home and more businesses join the cloud to manage their data, bad actors continue to take every advantage they can.

Not up to speed

EY’s Global Information Security Survey (GISS) revealed in 2020 that 59% of senior leaders at almost 1,300 organisations interviewed had faced a “material or significant incident in the past 12 months”. And that was before the coronavirus and mass home working. The survey found that 48% of boards expected a cyberattack or data breach to more than moderately affect their organisation in the next 12 months.

Yet EY also found that only 20% of boards were extremely confident that the “cybersecurity risks and mitigation measures presented to them can protect the organisation from major cyberattacks.” And worryingly, 7% of respondents to the GISS said that cybersecurity was never on the board’s agenda, while only 29% said it was on the agenda on a quarterly basis. Facts and figures abound, but one thing is clear: Although they may be more aware of the risks now, most boards were not up to speed on cybersecurity before COVID-19.

This is a problem because the board has a key role to play in a company’s cybersecurity. Boards help manage risk, regulation, investment, and governance — and cybersecurity has an impact on all four. In an interview, Kanika Seth, EY EMEIA financial services cybersecurity leader, said: “Companies are outsourcing a lot of their cybersecurity needs, but you can’t outsource risk — responsibility ultimately sits with you. This is a global threat that crosses jurisdictional boundaries. Companies need to stop looking inwards and locally, and boards need to be better equipped to support management.”

Merle Maigre, former director of NATO’s Cooperative Cyber Defence Centre of Excellence, argued that “while it is a good sign that so many companies have a chief information security officer [CISO], that CISO has to have a meaningful relationship with the board”. That is where it gets tricky. According to EY’s findings, only 48% of the respondents felt that “their board and executive management team have the understanding they need to fully evaluate cyber risk and the measures it is taking to defend itself”.

So how can boards learn more about cybersecurity and adjust to new risks? And how can executives charged with cybersecurity bring the board along with them? The answer is threefold.

Budget

Ultimately, much of an organisation’s ability to handle cyberattacks will come down to investment in IT security.

“There are three types of cyberattack — theft, subversion, and sabotage. And they are all increasing,” Maigre said. She explained that one growing trend is for hackers to use ransomware to steal information that is not valuable to them per se but is valuable to the organisation, demand a ransom for that information, take the ransom, and then sell or leak the data anyway. Cybersecurity research company Cybersecurity Ventures predicted that ransomware attacks would occur every two seconds by 2031 (compared with every 11 seconds in 2021), with a total attendant cost of around $265 billion.

“Hacking is becoming more complex, more common, and more professional,” Maigre said. “It is looking pretty bleak for those small and medium-sized organisations which feel like they do not have the resources to invest in IT security — and by degree bleak for those larger organisations with these companies in their supply chain.”

Budgeting needs to be driven by more than image concerns and regulation. The GISS suggests that organisations should budget for cybersecurity in a different way than they have in the past. “We’ve recommended that arguments focused around value creation and transformation, not just value protection and recovery, will resolve some of the tensions between the CISO and the board,” Seth said.

Instead of focusing on how not to be the subject of a cyberattack, or how cybersecurity is essential for customer trust, the value-creation argument allows organisations to invest in new technologies that enhance outcomes for customers and clients — for example, in healthcare, where connecting highly valuable and sensitive patient data can lead to substantially better patient outcomes and increased operational efficiencies.

Educate

According to Maigre, one of the best ways that executives can help the board understand the fundamental importance of cybersecurity is to test board members’ own online security. Maigre said that a session in which they are asked about the security of their passwords, the types of things they post online, and the apps and services they use can be very helpful. This has two benefits, she said. First, it helps illustrate the type and depth of work that needs doing and shows that insecure practices can be commonplace. Second, it secures the communications of board members, who are themselves prominent targets for attackers because they often possess sensitive information.

Another key way that executives can educate the board on cybersecurity is to hire experts to speak with them in their various subcommittees. “The job of the board is to probe management’s strategies, but if they’re not equipped to do so, then that querying role becomes impossible,” Seth said. Maigre advocated having a cyber expert on the board itself — and there is evidence to suggest that, in the US at least, companies are looking to hire such experts.

FM-MAGAZINE.COM February 2022 I FM MAGAZINE I 23