Contrary to popular belief, cybersecurity is not solely an IT problem.
Cybersecurity today requires an enterprise-wide approach that includes C-level involvement, and any organization that doesn't have that kind of system in place is risking its bottom line, according to a new report titled "The Financial Management of Cyber Risk: An Implementation Framework for CFOs."
The 76-page report, released yesterday by the Internet Security Alliance (ISA) and the American National Standards Institute (ANSI), was developed by a cross-sector task force of more than sixty industry and government experts. (A free download is available here. Registration required.)
The report approaches the financial impact of cyber risks from a holistic perspective, including relevant chapters that touch upon the core business functions of all organizations, no matter the size or industry sector.
And the financial impact is significant. A White House Cyberspace Policy Review reported that, between 2008 and 2009, American business losses due to cyber attacks had grown to more than $1 trillion of intellectual property. According to the report, a typical breach of 10,000 personal records held by an organization would cost about $2 million.
"Business is currently on the front lines of a raging cyber war that is costing trillions of dollars and endangering our national security," says Larry Clinton, president of the ISA. "Effective, low-cost mechanisms are already in place to shield against many elements of the cyber threat. But too often executive leaders wait until they are compromised to develop a plan of action, damaging their company's reputation and incurring additional cost. The guide we are releasing today provides a practical and easy-to-understand framework for executives to assess and manage their cyber infrastructure."
Complicating matters even more, employees are increasingly bringing personal mobile devices (smart phones, flash drives, media players) to work. Remember: These personal data storage devices represent yet another level of risk for the flow of business information to and from your organization.