Industry Experts and Shareholders Point to the Need for Cybersecurity Investments
In September 2022, several industry experts and shareholders spoke on the need for companies to elevate their cybersecurity programs and implement enhanced policies and procedures for responding to cybersecurity incidents.
On September 8, 2022, Lindy Cameron, the chief executive of the United Kingdom National Cyber Security Centre, spoke at the 13th Billington Cyber Security Summit in Washington, D.C. She outlined the cyber strategy deployed by the United Kingdom (UK) and spoke to the “huge challenge to try to get people to implement the basic security measures that [the UK government] know[s] people face.”
Cameron believes the most important practice that businesses can implement is making cybersecurity one of the topics discussed and monitored by senior management and executives, similar to the discussions of legal or financial risk that most large-scale organizations hold on a consistent basis with experts in the field. According to Cameron, these conversations should cover the impact of a cyber incident, in terms of lost data or operations, and how best to respond to such incidents.
These conversations are imperative; according to Cameron, “90% of the incidents that we see today could be prevented by doing the things we already told you to do,” as “a lot of this is not that complex to do.” Cameron went on to say that “too often an organization wasn’t prepared, or actually, there’s not a good-faith effort to recover” any data lost due to a cyber incident, which she finds to be “a cop-out.”
These notions were echoed on September 20, 2022, when Brandon Wales, the executive director of the Cybersecurity and Infrastructure Security Agency (CISA), spoke at the Wall Street Journal’s Chief Information Officer (CIO) Network Summit. Wales regarded compliance with certain cybersecurity requirements by critical infrastructure sector participants as “standard.” He called for a greater investment in digital defenses “for every publicly traded company[,]” not just those mandated to do so.