I think the list of executives and board members genuinely interested in cybersecurity will increase greatly as regulations, such as the US SEC cybersecurity reporting requirements and the European Union's proposed Cyber Resilience Act (CRA), are established to correct longstanding financial incentives that do not benefit the customers or investors.
These are requirements, for those under their oversight, that force a level of transparency that creates accountability for company’s cybersecurity posture and management. Such strong catalysts will drive recognition across the top tiers of business leadership for the importance and necessity to commit resources to develop and actively maintain the security of their digital products and services.
Needless to say, such regulations are unpopular with many organizations as they greatly narrow down the options of concealing security issues and, therefore represent an undesirable forcing function to invest more in cybersecurity and maintain executive oversight.
I see this as a strategically important shift that strengthens the trust in digital technology.
Comments