Too often, corporate leaders fail to pay attention to the importance of cyber security, and the risks of failing to secure cyber resources. Organizations such as the UK’s National Cyber Security Centre (NCSC) are looking to change this problem by encouraging executives to be engaged, and recognizing cybersecurity is not just an IT issue. Says Sarah Pearce, partner in the privacy and cyber security practice at international law firm Paul Hastings, “It’s been very much seen as an IT problem because some of the requirements to prevent cyber attacks require technical mechanisms and procedures to be put in place, so boards think the tech team will take care of it.” This misconception occurs despite attackers continually targeting non-IT parts of organizations, like HR, finance, marketing, and other departments which will hold important personal or technical data.
“Cyber security is now a mainstream business risk. So corporate leaders need to understand what threats are out there, and what the most effective ways are of managing the risks,” says Ciaran Martin, Chief Executive of the NCSC, to ZD Net. “But to have the plain English, business-focused discussions at board level, board members need to get a little bit technical. They need to understand cyber risk in the same way they understand financial risk, or health and safety risk.”
Source:
https://www.zdnet.com/article/cyber-security-your-boss-doesnt-care-and-thats-not-ok-anymore/
