1 featured image 1
Trends & Research

What They're Saying About the Cyber Balance Sheet Report

May 1, 2017
   

April was a landmark month for Focal Point, which saw the release of the first annual Cyber Balance Sheet Report. The groundbreaking study made has made its rounds through a handful of media outlets since it's publication on April 18th, and we've provided some highlights from each feature.

How Boards, CISOs Can Develop Trust

The Wall Street JOurnal

"Board members who read news about ransomware infections or powerful distributed denial-of-service attacks that knock web services offline often take that information to their CISO with questions about how their own organization is prepared.

'For security teams that’s an opportunity to develop trust by delivering on what you promise,” said Yong Gon Chon, chief executive of Focal Point. “And threat trends are the most eye-catching part of the industry. If I’m seeing the forecast move in one direction, I want to know how my organization is in position to defend against that.'"

Read the full article by Jeff Stone in The Wall Street Journal

Board Members Want a Helicopter Video of Cyber-Risk

Infosecurity Magazine

"It uncovered that board members are five times as likely to cite “risk posture” as a key security metric compared to CISOs, and 13 times as likely to say the same about peer benchmarking—showing boardrooms’ affinity for the big picture.

Board members also report being inundated with security data and often assume CISOs—armed with data—have things under control. One CISO was told, 'We do not understand everything you are telling us, but we have a lot of confidence you are doing the right thing.'"

Visit Infosecurity to read the full article by Tara Seals

Wintrust Business Lunch - Cyber Security

WGN Radio

CEO Yong-Gon Chon was feautred in a segment with Ilyce Glink on WGN Radio in Chicago discussing the Cyber Balance Sheet Report:

"The Cyber Balance Sheet Report was really designed to call into focus the disparity between what board members or corporate directors are looking for and their concerns being able to manage risk, and what security leaders are often reporting. And it really shows the lack of alignment in terms of expectation and communication barriers between both of those different roles inside corporations."

On if data breaches are a fact of life now:

"No question that that's the case and the concerns are continuing to grow as the activity and frequency continues to hit the media. Breaches are a fact of life right now, we believe that what the focus should actually be is that instead of focusing on the breach, focusing on the negative impacts and mitigating the negative impacts associated with a breach. And so, if you do happen to have an organization that's been hacked, how do you measure the damages? How many records are actually being lost or stolen or ransomed? Can you recover the busienss in a non-disruptive way? Are you doing the right thing by your employees, your customers and your third-party vendors by making sure that everyone is coordinated?..." If breaches are a fact of life, how do we mitigate the bad outcomes associated with those breaches?

Catch the full interview here.

CISOs, Board Members Have Widely Divergent Views on Cybersecurity

Darkreading

"Similarly, the metrics that CISOs use to convey the status of the organization’s security program to the board tend to be more operational in nature while board members are far more interested in big picture metrics such as peer benchmarking.

One surprising finding from the report is the relatively low desire among board members to see risk expressed in terms of financial losses over a specific time frame."

Read the full article by Jai Vijayan here.

CISOs and Boards of Directors Are Far Apart (But Can Close the Gap), New Survey Says

RiskLens

"CISOs didn’t rank any communication technique as particularly effective in getting through to the board on the value of security. They said their best audience is a board that was already aware of cybersecurity...

CISOs must first understand what the Board values…Then they should use that information to orient the security program toward delivering and demonstrating that value."

Visit RiskLens to read the full article by Jeff Copeland