Cybersecurity Moves into the Boardroom

Cybersecurity Moves into the Boardroom

"Weak identity management policies lie at the heart of many data breaches and cybersecurity has therefore become a business priority for many"

As the number of data breaches keep rising, increasing by a staggering 40% last year alone, cybersecurity is a force to be reckoned with. New data suggests businesses are waking up to the reality and making it a priority – even in the boardroom.

Data breach is at an all-time high, hitting 1,093 in 2016 alone, across the US, up from 780 in 2015, according to the Identity Theft Resource Center. Whilst the data is in part related to better tracking and reporting of breach incidents, the numbers also confirm the threat of cyber insecurity.

The business sector once again topped the list in the number of data breach incidents, followed by the healthcare/medical sector. Accounting for 55.5% of the overall data breaches, hacking/skimming/phishing attacks were the leading cause of data breach incidents, up 17.7% from 2015.

Monitoring data key to preventing

Monitoring your data is key to changing these statistics as damage control becomes increasingly necessary.

Weak identity management policies lie at the heart of many data breaches and cybersecurity has therefore become a business priority for many – according to a joint survey by the New York Stock Exchange Governance Survey, even a topic discussed in the boardroom. This survey shows, that the responsibility of the organization suffering a data breach lies with the CEO, with the CIO coming in second.

“Responsibility for attacks is being seen as a broader business issue, signaling a shift away from putting the onus squarely on the chief information security officer (CISO) and the IT security team,” the report notes.

Interestingly, two-thirds of the survey participants said they are not fully confident their companies are properly secured against cyberattacks, worryingly for the CEO. This may also be why 80% of the survey participants said cybersecurity is discussed at most or all boardroom meetings. Board members also see cybersecurity in a more ‘business’-like context than the likes of the IT department, who have a more technical understanding. According to the survey, the top three worries for the board members were brand damage, breach cleanup costs and theft of corporate intellectual property.

A sense of urgency

Yet despite these figures, many still noted that cybersecurity is down prioritized by the board. So how do you make sure your board – and management – understand the urgency? One way, could be to illustrate that it can actually be seen on the bottom line.

According to Forrester Research, a company with 3,300 employees will spend more than twice as much on manual processes over three years than on automated ones. In other words, in the long run, investment in identity access management (IAM) makes good sense, also for the business. An example is the time spent provisioning and de-provisioning users, one of the last legs of the identity lifecycle. The processes for provisioning access for new accounts and disabling accounts for leavers or movers needs to be kept as efficient as possible. According to Forrester, the average user spends 300 minutes a year waiting for the help desk to manually provision or change their access – this is reduced to 200 minutes annually with a good IAM system in place.

Read and learn more about Omada’s identity management and access management solutions.