Cybercrime has become a serious threat to businesses globally–as a market it’s expected to grow to 10.5 trillion by 2025. If cybercrime were a GDP, it would be the third largest in the world after the US and China. Companies are in an AI arms race to see whether security teams can innovate faster than their adversaries. While security leaders are aware of these risks, there is still opportunity at many enterprise boards for awareness paired with action.
For Cybersecurity Awareness Month, Synack has joined forces with Nasdaq and the Firstboard.io Cyber Council to highlight the need for greater cybersecurity expertise on boards. On Oct. 8, we’ll host an evening focused on elevating women in the cybersecurity industry with professional development, knowledge sharing, discussion of emerging technologies and trends, leadership insights and more.
According to the WSJ, there’s been a sharp increase in the number of board directors with cybersecurity experience–a welcome development–but it’s still nowhere near where it should be. Cybersecurity experts only hold 2.3% of director positions in the S&P 500.
In the News: Compliance, Policy and Board-level Implications
For many public and private companies, CISOs play a vital role in managing security threats to the business, but increasingly the board of directors have been expected to play a key role too. In 2023, the U.S. The Securities and Exchange Commission (SEC) started to directly regulate boards of publicly traded companies and require them to “disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.”
Business leaders such as Bethany Mayer, a board member at a number of notable public companies, have also weighed in, championing the importance of having at least one board member with a cybersecurity background. Mayer compared the current cybersecurity crisis to the Enron Crisis, which spurred the need for board members with a finance background and new legislation.
At Black Hat 2024, one of the most influential cybersecurity conferences of the year, Jen Easterly, head of the Cybersecurity and Infrastructure Agency (CISA) remarked, “We don’t have a cybersecurity problem. We have a software quality problem.”
Boards can play an influential role in making sure that their strategy for product development is anchored in security. In the future, Easterly argues that companies should be liable for vulnerable software – an implication that could impact boards too.
Synack and Firstboard.io Partner to Highlight Women in Cybersecurity & Technology Leadership. One Could be Your Next Board Member.
In response to the clear and pressing need for more cybersecurity talent on boards, Synack has published a paper in partnership with the Firstboard.io Cyber Council to highlight existing executive talent. These women are shaping the security and technology programs at some of the most admired technology companies globally. The paper also provides actionable guidance from the Cyber Council on how board members and CISOs can improve cybersecurity discussions at the board level.
To read the paper, click here.
