DECEMBER 2022 CIOAPPLICATIONS.COM 9

reduce the risk of a successful attack, but not everyone is so fortunate. History has shown us that the largest companies and even governments cannot fully prevent an attack.

Since 2020, cyber-attacks, and especially ransomware, have seen triple-digit increases year over year. In 2021, the US White House issued a memorandum to corporate leadership warning of the potential threat of ransomware and its destructive nature. On April 12, 2021, Federal Reserve Chairman Jerome Powell stated in an interview on CBS 60 Minutes that cyber is the #1 threat to the economy. An attack on a major payment processor could devastate the economy.

Soon after, the US White House issued several memorandums addressed to corporate executives and critical infrastructure, advising US companies on what to do to minimize these risks.

The likelihood of a full-scale cyber-attack increased dramatically during the weeks leading up to the February 20th, 2022, Russian invasion of Ukraine. Since that time, the FBI and US Division of Homeland Security have issued multiple warnings on the potential of Russian cyber-attacks.

If the US Government or Russia officially declares that we are in a cyber war, many cyber-victims may not be able to be reimbursed by their cyber insurance carrier for damages. Most carriers have a war clause that excludes any sort of reimbursement. The burden will be on the victim to prove that the breach or ransomware attack is not an act of war.

Even without a declaration of war, the carriers are reluctant to pay during these times if an attack is determined to be from Russia or a Russian sympathizer.

Multiple US agencies and other government agencies have begun requiring organizations to report cyber incidents. Breach notifications have been around for some time. GDPR was one of the first to do so, and many US state governments followed suit. Executive management and boards need to take notice of these rules and regulations.
Shareholders and investors are requesting and requiring information on a company's cyber posture and on whether there have been any incidents. This is not just a publicly traded company issue. Private companies should closely monitor their environments, and both types of organizations should seek experts in cyber. However, this will be a challenge if the company's board or regulations require the organization to have a board director with cyber expertise. There is already a shortage of cyber professionals. The pool of experienced CISOs and ISOs is now even smaller. Organizations have more and more rules and compliance factors to be aware of. These items are crucial for the company to consider at all times and to have a plan for. CEOs and boards are being held liable for cyber incidents. In some cases, they have been questioned by Congressional panels or faced suits from investors or customers.

All of these items build a good case for why cyber risk is now a pillar of modern business. The risks of financial loss, legal liability, and regulatory non-compliance are too high not to take seriously. Future expectations will continue to grow, both to protect the organization from the numerous cyber threats and to require proper board governance.

Due to this constant cyber threat, many experts, investors, security professionals and government agencies are calling for cyber risk as a new pillar of business.