CISA Chief Calls for Corporate Cyber Risk Ownership

The boards and other leaders of private sector companies could foster a culture of cybersecurity within their respective organizations by ensuring that chief information security officers possess sufficient influence and resources to prioritize cybersecurity, and that peers and other senior executives are well-informed about cyber risks, according to Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency and a 2024 Wash100 awardee.

Corporate Ownership of Cyber Risks

Easterly made these recommendations in an article published Wednesday on CISA’s website, where she revealed that corporate leaders are now increasingly cognizant of the strategic and enterprise nature of cyber risks and that they must take ownership of those risks.

The head of CISA noted, however, that these same leaders must also recognize the important role they play not only in their organizations’ cybersecurity but in national security as well, in light of the interconnectivity between the government and the private sector.

Cyber Risk Management as Good Governance

To promote this perspective, CISA developed the Director’s Handbook on Cyber-Risk Oversight. Produced in collaboration with the National Association of Corporate Directors and the Internet Security Alliance, the handbook seeks to promote a model of cybersecurity that, according to Easterly, “starts with a commitment at the board level to incentivize a culture in which managing cyber risk is treated as a fundamental matter of good governance.”

“The time is now for CEOs and Boards to actively embrace corporate cyber responsibility as a matter of good governance, recognizing that every organization has an obligation to reasonably assure the safety of their employees, partners, and customers,” CISA’s leader added.