Why CyberSecurity And AI Are Top Governance Risks For Board Directors And CEOs?
Ask most board directors and CEO’s to define cybersecurity and artificial intelligence in a board meeting and have them share their answers and you may well find that their depth of knowledge is too shallow in their duty of care responsibilities.
This, however, is fast changing after many years where cyber-security and artificial intelligence was left in the hands of information technology leaders, versus integrated equally better business and IT professionals practices. Today bringing key business stakeholders across the enterprise with diverse skill sets ranging from: human resources, legal, business, technology, security – all with a unified mission to bring cybersecurity and artificial intelligence matters into a unified governance operating model is finally emerging across the Fortune 500.
Leaders are recognizing that they have often been asking the wrong questions and often applying the wrong methods. This article takes a rapid scan of interesting facts to define why it is imperative to get Cybersecurity and AI harmonized to de-risk organizations exposure to cybersecurity incidents.
Gartner Group released recently the report: The Urgency to Treat Cybersecurity as a Business Decision, stating that after years of quarterly reporting on cybersecurity to board directors, boards for the first time are pushing back and asking for improved data and a clearer understanding of what companies have achieved after years of heavy investments into cybersecurity areas.
You will likely recall the cybersecurity Equifax hack in 2017 where the CEO, Richard Smith, resigned after 143 million American’s data was compromised, and he made it clear that he was stepping down due to the cybersecurity incident. This hack cost Equifax over $4B to recover from all the damages, let alone the customers that moved off their loyalty roster which severely impacted annuity streams.
Cybersecurity fines are accelerating as well. The UK Information Commissioner has increased cybersecurity fines under GDPR, up to $20M Euro, or $23.6M USD if controls are not consistent, reasonable and adequate. This certainly has driven an accelerated frenzy in GDPR compliance and regulatory controls.
Irrespective of the compliance accelerated regulations, Cyber-attacks are increasing, and over 4.1 Billion records were breached in the first half of 2019, according to Varonis.
By the end of 2020, it is estimated that the numbers of passwords used by humans and machines will grow to over 300 billion (CyberSecurity Media). Verizon has also reported that over 71% of breaches were financially motivated and 25% were motivated by espionage. Over 50% of the breaches are from hacking, while 30% is from malware, and balanced from phishing or social engineering. 94% of malware attacks are delivering by email, as well.
The intensity of hacking is also intensifying, as hackers are attacking every 39 seconds world-wide, on average over 3,000 times a day, according to leading researchers from the University of Maryland.
You may recall the Wannacry virus that impacted over 150 countries, and more than 400,000 computers in over 100,000 different groups were compromised, at a cost of over $4B in damages.
These types of high risk cybersecurity breaches are increasing in severity, ruining company brand reputations, impacting careers, as CEOs or board directors are leaving companies for compliance violations and avoiding the political outcry from shareholders.
IBM recently reported that $3.9 million is the average cost of a data breach worldwide and $8.2 million in the USA. While costs to maintain cybersecurity problems are increasing, so are the regulatory requirements.
Keeping data governance in high compliance parameters with maintaining diverse data, and privacy legislations from SOX, ISO 27001, HIPAA, GDPR and the recent California Consumer Privacy Act are causing considerable angst in increasing operating costs, as the regulatory, and privacy compliance costs just never seem to end. Yet the hackers are always improving their hacking techniques. Some might say they are winning in terms who is on first or second base, as hacker networks work in unified packs, with no boundaries, and continually poke and probe for vulnerabilities every second.
One of the reasons hackers and breach artists are improving is due to the sophisticated artificial intelligence and machine learning algorithms which crawl the world wide web and detect pathways into personal computers, networks, cloud, etc. cracking passwords, causing havoc, giving not just headaches but also heart attacks.
Few leaders realize that heart attacks are on the increase as employees impacted from cyber-security attacks are under extreme stress, which is often the unspoken smoke that trails these serious crimes.
Cybersecurity has a health and wellness responsibility so board directors and CEO’s need to ensure that cybersecurity employees are being coached on the medical risks in their career and stress the importance of living a healthy life style to compensate for the work related risks – that simply come from having a career in cyber-security.
Gartner has gone on record that by the end of 2020, security services will have 50% of their operating budgets tied to cybersecurity. Yet I wonder how much of these operating budgets have a focus on health and wellness to support talent at risk due to accelerated job stresses due to cyber-security high expectations of zero – tolerance risks.
While the rise in cybersecurity is increasing, the shortage of cybersecurity skills continues and unemployment rate according to CSO Online is at 0% unemployment with talent with these skills. Looking ahead, by 2021 there is estimated to be over 4 million jobs for cybersecurity roles that will be unfilled. Clearly we have much to get this gap under control.
This article originally appeared on forbes.com To read the full article and see the images, click here.
Nastel Technologies helps companies achieve flawless delivery of digital services powered by middleware. Nastel delivers Middleware Management, Monitoring, Tracking and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate. To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s Navigator X fuses:
- Advanced predictive anomaly detection, Bayesian Classification and other machine learning algorithms
- Raw information handling and analytics speed
- End-to-end business transaction tracking that spans technologies, tiers, and organizations
- Intuitive, easy-to-use data visualizations and dashboards