When it comes to cybersecurity, the chains of communication that exist within an organization, if they exist at all, are often a mess. Multiple conversations about cyber risks are happening across a multitude of divisions in isolation. At the same time, members of the C-suite are measuring their potential impact using different metrics — financial, regulatory, technical, operational — leading to conflicting assessments. CEOs must address these disconnects by creating a culture that promotes open communication and transparency about vulnerabilities and collaboration to address the exposures.
Organizations of all sizes across all sectors are experiencing an exponential increase in their exposure to cyber risk. The number of endpoints that need protecting is exploding as consumers demand more digital interactions and smart devices. (Gartner estimates there will be more than 20 billion connected devices by 2020.) Adversaries have evolved from individual bad actors to highly capable organized crime groups and nation states. The regulatory landscape is increasingly shifting and, at times, conflicting at local, national, and international levels. High-profile cyberattacks — ranging from the one suffered by Sony Pictures in 2014 to the global ransomware attacks that occurred last May and June — highlight the huge financial and reputational stakes.