Many cybersecurity experts now argue that cybersecurity is an issue for the C-suite and board. This challenges the traditional view, under which companies have treated cybersecurity as an IT issue.
“If you went to a cardiologist, you wouldn’t want him to work on your brain,” says Richard Frankel, of counsel at Ruskin Moscou Faltischek, P.C. “It’s the same with IT and cybersecurity. The IT guys are great at setting up computers and programs…but they’re not cybersecurity experts.”
Cybersecurity operates beyond the ordinary operations of IT. The purpose of cybersecurity experts is to prevent foreign entities from accessing the company’s assets and causing a data breach. Their job description is within the title of the field: they are a company’s security against cyber invaders who could cause harm, malicious or otherwise.
The board is ultimately responsible
Although cybersecurity experts are responsible for protecting the data and assets of a company in a cyber setting, the ultimate responsibility for managing the efficiency of, and the plan for, these experts falls upon the C-suite and board.
“It’s not about precaution. It’s about understanding the responsibilities of the board, and how the board looks at cybersecurity,” says Ariel Evans, CEO of Innosec. “Recently Aon announced that cyber events now rank among the top three triggers for D&O derivative action. This means that the directors and officers are being personally held responsible for cyber attacks.”