Cybersecurity is one of those factors that are easier to explain than to address. Cybersecurity has been a major threat since at least the year 2000, if not earlier. The threat is growing as more companies, users and devices get connected. The exponential growth in connectivity has led to an exponential growth in cyberattacks. Yet companies still do not treat security as an organizational pillar, but rather as something that gets patched when there is a cyberattack. There has to be a reason why companies keep building security teams that react to attacks rather than prevent them. Could it be that such a strategy is cheaper?
The article argues that metrics need to be added when developing a security strategy. The reason is simple: the security team must prove its own RoI, its own financial viability. If it fails to do so, companies will prefer to risk security if the price is lower. I guess we will have to wait until cybersecurity attacks are so damaging that failure to secure any given business may put it at risk of business failure.
Twitter CISO Michael Coates offers cybersecurity insights
Nearly all elements of our businesses and our lives are interconnected online. As a result, the importance of technology and related threats to security have never been greater.
Despite this, many organizations are failing in their efforts to protect critical data, systems, and users.
These shortcomings come from multiple areas, including failure to create an empowered security organization, a skewed focus on the latest security headline to the detriment of security fundamentals, and a lack of an accountable security risk program spanning across all business leaders … Keep reading the original post here