NightDragon’s Post

It’s clear that CISOs need to enhance their soft skills to communicate tech risks effectively to non-tech board members. CISOs must effectively communicate the strategic business value of cybersecurity to gain credibility in the boardroom. It’s not just about defending against threats—it's about framing cybersecurity as integral to business resilience. By enhancing soft skills, CISOs can ensure their voices are not just heard but acted upon, leading to better-resourced and more proactive cybersecurity strategies. #ICISOMuch #SoftSkills #CISO

Reducing cyber risk to the Federal Enterprise involves the work of hundreds of public servants and cybersecurity professionals from over 100 federal agencies collaborating with CISA, OMB, ONCD, and other interagency and industry partners. Federal chief information security officers and their teams play a critical role in collective operational cyber defense- not just for their home agencies, but as thought leaders and partners sharing insights and lessons learned with peers, with CISA, and with the broader cyber community. In mid-April, CISA held its second Federal Enterprise Cyber Leadership Summit of the fiscal year, convening federal CISOs to discuss key priorities outlined in its FCEB Operational Cybersecurity Alignment (FOCAL) plan and to review interagency progress on topics such as asset visibility, zero trust adoption, and the operationalization of new Continuous Diagnostics and Mitigation #CDM capabilities. Standardizing our cross-agency approach facilitates peer-to-peer communications, aligning core Enterprise cyber functions enables CISA's mission activities, and focusing on a shared set of priorities allows the community to enhance collective cyber defense together. During this Public Service Recognition Week, I want to recognize the dedication of these cyber leaders and highlight the progress being made across the Federal CISO Community, along with the impact being made by CISA's Federal Enterprise Improvement Team. Special thanks as well to our partners at the U.S. Department of Energy (DOE), Ann Dunkin, Paul Selby for hosting us, and to Federal CISO Chris DeRusha and CISA's Matt Hartman for providing opening remarks. Cybersecurity and Infrastructure Security Agency Doc McConnell Sarah Alim Chad Poland Steven Hernandez Trey Kennedy James Saunders Mike Witt Amanda Day Stan Lowe Matt House Shelly Hartsook Genevieve M. Nikkia Henderson Van Patrick Bevill Lisa Barr #federalcyber #cybersecurity #PSRW #CISA

On the other hand, when they are able to align cyber with business strategy, the benefits are clear,” the report continued. “Half (46%) of respondents say that when they have been able to measure the business value of their cybersecurity strategy, they’ve been viewed with more credibility.” #leadership #management #technology #informationsecurity #ciso #riskmanagement #security #cybersecurity #privacy

Highlighting this post I came across yesterday for my network regarding Ian Schneller's thoughts on today's #CISO role - One of the five key tenets that I'd like to point out is number five. With today's massive shortage between cyber talent and the demand for it, organizations everywhere are struggling to recruit talent for their cybersecurity team. Ian adds several ways to cultivate or recruit the desired talent that others should also consider. A great short read. #cybereducation #cybersecurity

The attached report, "Cybersecurity Audit and the Board: How Board Oversight Impacts Cybersecurity Performance," offers comprehensive analysis and data-backed evidence that underscores a critical message for companies and their boards: Advanced cybersecurity ratings are not just a badge of honor; they are a significant value multiplier for shareholders. Companies at the forefront of cybersecurity, boasting advanced security ratings, are creating nearly four times the shareholder value compared to those with basic security ratings. In an era where cyber threats loom larger and regulatory pressures mount, this finding illuminates the path forward for businesses seeking sustainable growth and resilience. This revelation should serve as a call to boards and executives alike. In the digital age, robust cybersecurity is not merely a defensive strategy but a fundamental driver of financial performance and shareholder confidence. The report also sheds light on the mechanisms that propel companies to this level of cybersecurity excellence, including the strategic roles of specialized risk committees and the integration of cyber experts within governance structures. The report is definitely worth a read. What are your thoughts? #Cybersecurity #CorporateGovernance #ShareholderValue #BoardOversight #DiligentInstitute #Bitsight #CyberRiskManagement

According to a new report, cybersecurity and business interruption are now considered the top #corporaterisks. Here's how the recent surge in sophisticated #cyberthreats is challenging traditional corporate governance:

Global CISOs are routinely belittled and dismissed as being overly negative by their board, according to new Trend Micro research highlighting a “credibility gap” within the function. The security vendor polled 2600 IT leaders with responsibility for cybersecurity to compile its latest report, The CISO Credibility Gap: How a Communication Breakdown in the Boardroom is Hurting Cyber-Resilience. It revealed that CISOs are failing to win the trust of business leaders. Of those interviewed, 79% claimed they have felt boardroom pressure to downplay the severity of cyber-risks facing their organization. This matters, because an unengaged board is less likely to think of cybersecurity in strategic terms. A third (34%) of responding CISOs claimed cyber is still treated as part of IT rather than business risk in their organization. Over two-fifths of respondents said they have been given more budget (43%) and responsibility (45%) as a result, with a similar share (41%) reporting that they’ve been brought into senior decision making... #informationsecurity #cybersecurity #security #ciso #boardroom #cyberresilience

The Cybersecurity Leadership Crisis Dooming America’s Companies America’s companies have a chronic problem with cybersecurity. That problem has now reached Stage 4 — spreading out of control with CrowdStrike’s mass-inflicted systemic cybersecurity incident that was not even caused by a cyber-attack. Half-way through the summer of 2024 and the scalding impacts of the UnitedHealth Group and CrowdStrike cyber incidents have now redefined what is truly at stake and just how fragile America’s complex digital business systems are. How we long for the summer of 2023 and the tepid waters of the MGM and Caesers cybersecurity incidents. But why are America’s cybersecurity problems not only persisting, but getting worse? It’s almost as if we’re focused on the symptoms, instead of curing the disease — and America’s cybersecurity disease is being caused by a colossal leadership failure in the corporate boardroom. https://lnkd.in/gC76SZZS #CyberSecurity #RiskManagement #boardofdirectors #Crowdstrike #UnitedHealthcare

New research reveals a concerning trend: a third of CISOs have been abruptly dismissed by their boards. Often perceived as overly negative, CISOs face a credibility gap that hinders their ability to effectively communicate cyber risks. This disconnect has serious consequences. Unengaged boards fail to grasp the strategic importance of cybersecurity, relegating it to IT instead of recognizing it as a critical business risk. This lack of understanding leads to underinvestment in proactive cybersecurity measures, ultimately increasing the likelihood of costly breaches and reactive spending. #cybersecurity #CISO #cyberrisk #corporategovernance #riskmanagement #creaplus

The cybersecurity landscape continues to evolve at an alarming pace and the cybersecurity landscape is more complex and dynamic than ever. Here are some key statistics that every leader should be aware of to better understand the challenges and opportunities we face in safeguarding our organizations. 📊 Global Cybercrime Costs: Expected to reach a staggering $10.5 trillion annually by 2024, cybercrime is one of the most significant threats to businesses worldwide. 💻 Ransomware Attacks: Over 75% of businesses are expected to face ransomware attacks this year, with average recovery costs exceeding $4.45 million. 🔒 Data Breaches: In 2024, businesses are predicted to face an attack every 39 seconds, underscoring the urgent need for robust defense mechanisms. 📉 SMEs at Risk: Around 60% of small businesses that fall victim to cyberattacks will go out of business within six months. With these statistics in mind, it’s clear: investing in cybersecurity is no longer optional—it’s essential for survival and growth. As leaders, we must invest in robust security measures, foster a culture of awareness among our teams, and leverage advanced technologies to protect our organizations from evolving threats. #Contivos #Cybersecurity2024 #DigitalSafety #DataProtection #BusinessSecurity #Leadership #CyberResilience #DataBreach #ThreatIntelligence #2024Trends Contact our partner team today: Nathaniel Payne, PhD (裴内森) Kulbeer Singh Sidhu