Cyber threats constantly evolve with increasing intensity and complexity. The ability to achieve mission objectives and deliver business functions is increasingly reliant on information systems and the Internet, resulting in increased cyber risks that could cause severe disruption to a company’s business functions or operational supply chain, impact reputation, or compromise sensitive customer data and intellectual property.
Organizations will face a host of cyber threats, some with severe impacts that will require security measures that go beyond compliance. For example, according to a 2011 Ponemon Institute study, the average cost of a compromised record in the U.S. was $194 per record and the loss of customer business due to a cyber breach was estimated at $3 million.
Below, I have listed key questions to guide leadership discussions about cybersecurity risk management for your company.
- How Is Our Executive Leadership Informed About the Current Level and Business Impact of Cyber Risks to Our Company?
- What Is the Current Level and Business Impact of Cyber Risks to Our Company? What Is Our Plan to Address Identified Risks?
- How Does Our Cybersecurity Program Apply Industry Standards and Best Practices?
- How Many and What Types of Cyber Incidents Do We Detect in a Normal Week? What Is the Threshold for Notifying Our Executive Leadership?
- How Comprehensive Is Our Cyber Incident Response Plan? How Often Is It Tested?