Many organizations continue to view cybersecurity as a technology problem, “owned” by the Information Technology department. However, doing business connected to the Internet can create non-technical problems: legal, regulatory, financial, logistical, brand or reputational, even health or public safety problems. Increasingly, organizations are treating cybersecurity and cyber threats in a broader manner, viewing cyber as a risk to be managed, and owned ultimately by the most senior ranks of corporate governance. Regulators and Boards are increasingly emphasizing this approach to cybersecurity as well. However, organizations continue to face challenges as they try to translate, measure, manage, and report a risk that is highly technical, and still somewhat foreign to many risk managers and board directors. |