The U.S. experienced a significant increase in cyberattacks last year, with a staggering 57% rise, compared with the global average of 38%. This worrying trend comes at a time when many companies are cutting costs and reducing staff due to economic uncertainty. While these cost-saving measures may provide short-term relief, they could ultimately expose businesses to the catastrophic consequences of data breaches and cyberattacks.
Recent data reveals that each cyberattack, whether it be malware, ransomware, a data breach, or a DDoS attack, had a median cost of $18,000 in 2022, nearly double the amount from the previous year. Additionally, nearly half of all American businesses fell victim to cyberattacks during the past year. Despite the rising risks and costs, corporate boards seem unfazed by the threat. New research shows that only 23% of board directors believe a cyberattack is highly likely, and a concerning 47% believe their companies are ill-prepared to handle such an attack.
This disconnect between corporate boards and the actual threat landscape is alarming, especially given their fiduciary and oversight responsibilities. It is crucial for boards and their members to take a proactive approach to protect their organizations from the complex and costly threat of cyberattacks. Here are three crucial things board members need to know about cybersecurity to safeguard their companies:
1. The importance and impact of cybersecurity: While not every board member needs to be an expert in IT, it is crucial for the entire board to understand the significance of cybersecurity. This commitment should flow from the top down and be integrated into the company’s overall business strategy. When reviewing financials, board members must ensure that adequate funds are allocated for regular maintenance and upgrades to company infrastructure that defend against cyber threats. Despite economic uncertainty, cybersecurity spending is projected to rise by over 10% this year compared to 2022, highlighting its importance.
2. Poorly managed cybersecurity can jeopardize the entire business: Ignoring cybersecurity until an incident occurs can lead to costly consequences. Cyberattacks can result in financial loss and reputational damage. The average cost of a data breach in the U.S. was estimated to be $9.44 million in 2022. Additionally, the impact on public trust and company reputation can be immeasurable. For example, years after Facebook’s Cambridge Analytica data breach, a significant percentage of social media users still have negative opinions of the platform. The financial losses associated with reputational damage can reach thousands or even hundreds of thousands of dollars, depending on the size of the business.
3. The growing seriousness of cybercrime and available resources: State-sponsored and sophisticated cyberattacks are on the rise, posing a significant threat to businesses. However, technology to prevent such attacks is also evolving. Government agencies like CISA and the SBA offer crucial guidance, while companies like Miradore provide mobile device management (MDM) services and cyber intelligence firms like Google’s Mandiant help mitigate risks. It is essential to think of cybersecurity as a proactive measure, similar to securing a home with cameras, alarms, and proper lighting. By investing in cyber defense before an attack occurs, board members can save their companies money in the long run.
Furthermore, management needs to actively participate in the company’s cybersecurity efforts. Establishing an information security management strategy and committee, with representation from the board and senior management, signifies the importance of the issue. Being involved in this space enables the board to stay informed and act swiftly in response to potential incidents. Setting up metrics and reports to measure the business impact of cybersecurity is equally important. By quantifying the impact of cyberattacks and progress in preventing them, boards can effectively manage the company’s cyber risk.
While there is no foolproof solution for all cybersecurity challenges, boards that prioritize this issue should explore the available resources to discover a combination of tools that work best for their organization. By taking proactive measures and having the right intentions, boards can position their companies to prevent cyberattacks and respond efficiently to any that may occur. It is vital for board members to understand the basics of cyberattacks and prevention methods to fulfill their oversight responsibilities and protect their businesses from potentially devastating monetary and reputational harm.

