As cyber-attacks increase in complexity, frequency, and velocity, many enterprise organizations, in our experience, still rely on outdated IT governance. Their organizational paradigm is limited by slow-moving bureaucracy and scarce resources. This situation is often the result of a limited understanding of the risks on the part of decision-makers, such as board executives who rely on outdated corporate governance frameworks that were developed in response to accounting scandals (e.g., WorldCom, Enron, Tyco), not cyber risks.
Enterprise executives continue to propagate a compliance check-box mindset that values minimal security control investment to meet audit standards. This focus on audit and compliance overlooks costs that may extend beyond regulatory penalties into financial losses, which are not always small enough to recover from without significant repercussions.