Global CEOs have announced the ‘Cyber Resilience Pledge’, a collective action on cyber resilience to champion a unified approach to the growing cyber risks, signed by major global businesses such as Shell and Petronas.

 

This took place at the World Economic Forum (WEF) annual meeting in Davos.

 

“As the world deepens its digital footprint, cyber threats are becoming more sophisticated. But one company, working alone is effectively like locking the front gate while leaving the back door wide open. We must work together if we want to truly protect the critical energy infrastructure that billions of people around the world depend upon. This Pledge represents an important step – a commitment to build our capabilities and resilience – but it is the collaboration to follow that will ultimately determine our success,” said Amin H Nasser President and Chief Executive Officer,  Saudi Aramco.

 

Worrying disconnect

But despite the pledge of collective action, recent research has found a worrying disconnect between CEOs and boards and Chief Information Security Officers (CISOs), with only 51% of CISOs globally believing their board sees eye-to-eye with them on the issue of cybersecurity.

 

Lucia Milică, Global Resident CISO, Proofpoint, said: “It is encouraging to see the issue of cyber resilience being taken seriously by CEOs and boards, and a more unified approach to responding to cyber risk is certainly a positive development. However, for these kinds of pledges and initiatives to be successful, leaders must address the fundamental issues that hinder a genuinely effective response.

 

CISOs must report to CEO

“CISOs should report directly into the CEO, not the CIO, if cybersecurity is to be effectively prioritised. But equally, CISOs need a better understanding of the board’s business perspective so that both speak the same language,” she said.

 

To contend with the complexities of today’s threat landscape, organisations must bring cybersecurity expertise directly to the board level. 

 

The trend is already clear: Boards in Australia must oversee cyber resilience under Australian Prudential Regulation Authority (APRA) regulations, and earlier this year the US Securities and Exchange Commission proposed a rule requiring disclosures of board cybersecurity expertise and board oversight of cybersecurity risks for all US public companies.

 

Boardrooms awaken

“If there is one positive we can take from a year of headline-grabbing cybersecurity incidents, it’s that boardrooms worldwide have awakened to today’s cyber risks. With the prospect of significant downtime, disrupted operations and impacts on business valuations weighing heavily on the minds of the board as the result of a cyber breach, hopefully over the next 12 months we will see this awareness turn into action,” she added.-- TradeArabia News Service