While few corporate executives and boards of directors would dispute the importance of cybersecurity, some may feel ill-prepared to begin the process of managing these risks given the myriad technical and non-technical elements of the issue. The goal of this document is to address this gap by providing corporate leaders a practical framework for addressing the people, process, and technology elements of the cybersecurity challenge.
Although information technology has created a new digital age, transforming every aspect of modern life and bringing with it greatly enhanced productivity gains and standards of living, its underlying infrastructure is inherently vulnerable to exploitation. This leaves society open to fundamental cybersecurity risks. Businesses globally constantly face an onslaught of malicious activity, ranging from theft of precious intellectual property and customer records to destruction of valuable proprietary information.
While there are significant financial costs to these incidents, the cumulative effect of the increasing torrent of cyberattacks is an erosion of the trust that enables our digital age. The fine line between a high functioning digital society and the collapsed productivity that would transpire in the absence of such trust defines the cybersecurity imperative for leaders in all sectors, particularly business executives. Businesses own and operate the assets that enable our digital society, and therefore have a fundamental interest in managing the cybersecurity
risks facing their companies.
Although the volume of cybersecurity-related news has generated awareness of the topic, it has also sowed confusion, fear, uncertainty, and doubt (FUD) about the key issues business leaders need to consider. It is important, therefore, to define the problem that needs to be addressed.