Groups: Cybersecurity Needs to Move Beyond an IT Issue
It may be obvious why the report recommends the legal and public relations departments be involved in cyberrisk decisions. But even human resources has a role to play, as an estimated 70 percent of breaches come from inside the organization, Stull said.
Among the questions CFOs should ask department heads, according to the report:
-- Has the company analyzed our cyberliabilities?
-- What's the potential for us to be named in class-action lawsuits after a breach?
-- Are there valid reasons we're collecting personal information?
-- What is our biggest cybervulnerability?
-- Do we have a documented and proactive crisis communications plan?
The annual economic impact of cyberattacks in the U.S. is about $226 billion, according to a 2004 estimate from the Congressional Research Service. It's time for businesses to look at cybersecurity in a new way, with multiple departments involved in the issue, said members of the report task force. "If companies view cybersecurity as solely an IT issue, then we're not going to be as secure as we can be," Sagalow said.
ISA and ANSI believe the report reflects a new way of looking at cybersecurity and cyberrisk, he added.
"Cybersecurity isn't an IT issue," Clinton added. "It's an enterprise-wide risk management issue that affects every aspect of the organization."
$firstKeyword
Receive the latest security news as it breaks.
