Let’s connect cybersecurity and business today.
On Thursday, Moody’s financial services and credit rating provider published new research, including a survey of financial services, enterprise firms, infrastructure providers, public sector organizations, and government entities. Quoting from ZDNet,
Out of those surveyed, 93% now have a cybersecurity manager who reports directly to the board. However, their importance in a company varies.
Managers in financial companies were far more likely to report directly to business leaders (71%) than corporates, infrastructure firms, or public entities, at 61%, 57%, and 50%, respectively.
“A direct line to the CEO supports more frequent interactions between the cyber manager and the executive team” Moody’s noted. “This fosters greater awareness and understanding of cyber risk within an organization and typically translates into more.
Our survey results show a strong correlation between the closeness of the reporting structure between the cyber manager and the executive suite, and the amount of budget and resource allocation to cybersecurity,” Moody says. “Survey responses also show that more cyber expertise at the board of directors level correlates well with adopting more advanced cyber defense practices.
Why do we care?
Here’s the key to success in cyber security – you had better be linked to the decision-makers. It seems incredibly obvious… and yet, many of the discussions around security happen at the IT level and not the executive level. This isn’t an IT discussion; it’s a risk analysis one – and that’s a business decision. Cliché, sure, yet why isn’t this everywhere?
Security discussions that don’t involve the executive suite are doomed to failure.