Why Are Security Vendors So Obsessed with Board Attention?
The Board needs to take an elevated view on cybersecurity, looking for cross-functional governance matters beyond the mere technical horizon
As I was looking back at the role of the Board around cybersecurity oversight in the context of this recent report from Diligent and BitSight, I was shocked to see the number of vendor-led or vendor-sponsored articles I was coming across, and the shallow nature of their argument.
At a high level, they all revolved around the same logic:
- Cyber-attacks can take your business down.
- Therefore, cybersecurity needs to be on the Board’s agenda.
- My product is key to preventing cyber-attacks.
- Therefore, the problem it solves needs to be raised at Board level.
This is flawed on a number of levels and simplistic in its view of the way corporate governance operates.
First of all, I don’t think it makes sense anymore to remind Board members of the relevance of cyber-attacks and their potential impact on business. The non-stop avalanche of security breaches we have been witnessing over the past decade across all industry sectors has opened their eyes on the…