At ESG, we are just about to publish some new research on cyber risk management and I’ve been knee-deep in the data for the past month. Here are a few of my initial impressions:
- Business managers are far more involved than they used to be. A few years ago, business executives didn’t want good security; they wanted good-enough security. Back then, security professionals bemoaned these half-hearted cybersecurity efforts, longing for CEOs with cybersecurity knowledge who were truly invested in strong cybersecurity controls and oversight. Note to cybersecurity pros: ‘be careful what you wish for.’ The ESG data indicates that corporate executives and boards are much more involved and demanding these days. This is forcing CISOs and infosec teams to collect and analyze more cyber risk data and present it to the mucky-mucks in business-friendly terms. The data indicates that this is already driving a new, more comprehensive model for cyber risk management.