Transparency and effectiveness in cybersecurity aren’t just a “plus” for a company anymore – they’re a “must.” As reported by the MIT Sloan School of Management, updated rules from the Securities and Exchange Commission now require companies to maintain adequate cybersecurity controls and to appropriately disclose any cyber-related risks and incidents.
MIT Sloan researchers also suggested four core components for developing a cybersecurity strategy that effectively addresses risks while avoiding potentially dangerous omissions:
- Supply Chain Risks: Third-party suppliers and partners can be a source of cybersecurity risks, especially with heavily interconnected supply chains. Organizations should evaluate the security and risks of their partners, establish security standards, and re-evaluate as needed.
- Insider Threats: Company insiders, such as employees, contractors, and partners, may also pose security risks, whether through intentional actions or through negligence. Robust security protocols, well-enforced access rules, and a culture of cybersecurity vigilance are key to reducing these risks.
- Data Privacy & Regulatory Compliance: It’s important to stay aware of evolving regulations around data privacy. To avoid penalties (both financial and reputational), organizations should have comprehensive programs in place, including regular audits and monitoring of regulatory changes.
- Emerging Technologies: Effective cybersecurity requires being proactive in assessing the potential threats of new technologies such as AI, Internet of Things, and cloud computing. Companies should understand the risks, assess their readiness, and build frameworks to avoid being caught unaware by the risks of new tech.
By prioritizing these areas, companies can strengthen their cybersecurity protocols and more effectively manage cyber risks. Read more about these big ideas and specific examples in the Harvard Business Review: https://hbr.org/2023/06/4-areas-of-cyber-risk-that-boards-need-to-address