In the same way that few would consider doing business with a company unwilling to disclose their financials, few will be willing to engage with a company that is not willing to disclose their cyber risk.
As markets, investors, business partners, insurers and customers wake up to the existential threat of cyber risks, whether in the form of financial, operational or reputational damage, the demand will grow to have this risk continuously quantified and assessed – preferably by authorized and publicly trusted third parties.
How sensitive are the most business-critical systems to a cyber attack? What are the odds of confidential data being breached? What systems are in place to recover from an attack? And on a broader governance level: to what extent does a security mindset pervade the company culture? The decision-making processes? The day-to-day operations?
With public scrutiny intensifying, the days of cyber risk assessment as a technical side note are gone. Publicly audited cyber risk assessments and ratings are here to stay. And boardrooms and C-suite executives should pay attention. Because the days when it could neatly be handed over for the CIO to handle are gone.
“We are combatting moving targets. As soon as new threats emerge, we have to counter with new protective measures. Things can go wrong in the blink of a moment and companies are vulnerable since they can be exposed and lose their credibility very quickly.”
PORTFOLIO MANAGER NETWORK AND SECURITY, CYGATE
This article is part of our report, 12 predictions for Tomorrow's Connected Enterprise. Read the rest of the predictions here:
Tomorrow's Connected Enterprise