We’ve got a cybersecurity problem, but it’s not the one we think we have. The problem is in how we think about cybersecurity problems. Too many of us are stuck in a reactive loop, looking for silver bullet solutions, when we need to change how we view cybersecurity problems instead.
For CISOs at companies worldwide, across every industry, the struggle is real. There’s an incident, and the organization reacts. Too often, the response will be to buy a new software product that is eventually destined to fail, starting the reactive cycle all over again.
The trouble with this approach is that it forecloses the opportunity to be proactive instead of reactive, and given the rising stakes, we genuinely need a holistic approach. In the U.S., the average cost of a data breach now exceeds $4 million, and that may not include downstream costs, such as higher cyber insurance rates and the revenue hit the company may experience due to reputational damage.
We need a new approach, and lessons from a generation ago can point us in the right direction. Back then, cybersecurity professionals created disaster recovery and business continuity plans, calculating downtime and its disruptive effects to justify investment in a holistic approach. We can do that again, but it will require less focus on tools and more clarity of purpose.
Recent Comments