
2023 Director’s Handbook on Cyber-risk Oversight


Businesses around the world depend increasingly on technology, a digital revolution that has created both enormous rewards and exponentially expanding risks. The cyber-threat landscape we face today is more complex and dangerous than ever, with cybercrime expected to cost the world some $8 trillion in 2023.¹ With corporate reputations and revenue on the line—and given the broader implications for our national security, economic prosperity, and public safety—we must think differently.

Consider this hypothetical—but very possible—scenario: Imagine that a CISO at a US pharmaceutical company recommends that the company fund a phishing-resistant multifactor authentication (MFA) tool for all employee accounts. Company leadership declines, calculating that the enhanced MFA would be more costly than warranted in the near term, based on their judgment about the likelihood of a cyberattack. The decision is reviewed and approved by the board. Later, when an attacker tricks a user into revealing their login credentials, data is exfiltrated and systems are shut down by ransomware, with the following cascading impacts:

  • Delayed shipment of critical pharmaceuticals, resulting in delayed surgeries across the country
  • Theft of sensitive customer data, resulting in identity theft and personal financial impact to millions of customers
  • Theft of critical intellectual property, eventually sold to an overseas company owned by an adversarial nation, which brings several competing drugs to market years ahead of schedule, with downstream effects on market share
  • Over time, the US health care system begins to rely heavily on the overseas company for the pharmaceuticals, which ultimately damages US competitiveness and its leverage in the event of a geopolitical conflict.
