
WEF Davos: Global CEOs announce Cyber Resilience Pledge - Comment from Proofpoint expert

May 2022 by Lucia Milică, Global Resident CISO, Proofpoint

Today at the World Economic Forum annual meeting in Davos, global CEOs have announced the ‘Cyber Resilience Pledge’, a collective action on cyber resilience to champion a unified approach to the growing cyber risks, signed by major global businesses such as Shell and Petronas.

But despite the pledge of collective action, recent research has found a worrying disconnect between CEOs and boards and Chief Information Security Officers (CISOs), with only 51% of CISOs globally believing their board sees eye-to-eye with them on the issue of cybersecurity.

In response to this announcement, please find below a comment from Lucia Milică, Global Resident CISO at cybersecurity firm Proofpoint, who argues that CEOs and boards must bring cybersecurity expertise directly to the board level, and address the communication breakdown with CISOs, if a unified approach to cyber risk is to be successful.

Lucia Milică, Global Resident CISO, Proofpoint:

“It is encouraging to see the issue of cyber resilience being taken seriously by CEOs and boards, and a more unified approach to responding to cyber risk is certainly a positive development. However, for these kinds of pledges and initiatives to be successful, leaders must address the fundamental issues that hinder a genuinely effective response.
All too often we see a frustrating disconnect between boards and their Chief Information Security Officers (CISOs) which leads to ineffective prioritization of cyber threats and exacerbates business risk. Our recent research found that only 51% of CISOs globally believe their board sees eye-to-eye with them on the issue of cybersecurity.
Often this comes down to communication. CISOs should report directly into the CEO, not the CIO, if cybersecurity is to be effectively prioritized. But equally, CISOs need a better understanding of the board’s business perspective so that both speak the same language.
To contend with the complexities of today’s threat landscape, organizations must bring cybersecurity expertise directly to the board level. The trend is already clear: Boards in Australia must oversee cyber resilience under Australian Prudential Regulation Authority (APRA) regulations, and earlier this year the U.S. Securities and Exchange Commission proposed a rule requiring disclosures of board cybersecurity expertise and board oversight of cybersecurity risks for all U.S. public companies.
If there is one positive we can take from a year of headline-grabbing cybersecurity incidents, it’s that boardrooms worldwide have awakened to today’s cyber risks. With the prospect of significant downtime, disrupted operations and impacts on business valuations weighing heavily on the minds of the board as the result of a cyber breach, hopefully over the next 12 months we will see this awareness turn into action.”

