Managing Cybersecurity Is a Risk Management Function
Cybersecurity breaches continue to make headlines. Just recently, the systems at multiple hospitals were successfully attacked, with at least one hospital purportedly paying a ransom to regain control.
These types of attacks can threaten the very existence of a company. But executives and boards in many organizations feel as if they don’t understand cybersecurity well enough to provide proper oversight.
With the need for management to protect its assets, how can management overcome its lack of understanding on security-related issues? The key is understanding that cybersecurity is a risk, just like credit risk, operational risk, and other organizational risks. Successful oversight requires a risk-based approach that is not limited to your IT or security departments.
Cybersecurity is first and foremost a business risk and needs to be managed with that in mind. It is a risk that your assets, stored online, might be stolen or compromised.