Business leaders finally focusing on cybersecurity after years of ignoring potential dangers to corporate continuity

In a world where cyber threats are becoming more frequent and sophisticated, businesses are scrambling to bolster their defences. The recent attacks on companies like SolarWinds and Colonial Pipeline have sparked tough conversations among global business leaders about protecting intellectual property and customer data, and maintaining business operations amidst the rising threat of cyber attacks.

One company that found itself in the crosshairs was Malwarebytes, a provider of anti-malware software. In December 2020, Malwarebytes became a target of the same Russia-based threat actors that attacked SolarWinds. The company quickly activated its incident response group and worked closely with Microsoft's Detection and Response team to investigate the attack. Thankfully, an investigation of Malwarebytes' source code, build, and delivery processes confirmed that the company's software was safe.

The importance of cybersecurity has never been more evident, especially for companies in highly regulated industries like financial services and healthcare. Companies in these sectors tend to be ahead in terms of cybersecurity oversight. For instance, the New York State Department of Financial Services requires covered entities to have a Chief Information Security Officer (CISO) in place to protect company systems and data. In June, the department issued new guidance for financial services firms to protect against ransomware attacks.

The role of the CISO has grown in importance, with Vishal Gupta, SVP and chief information and technology officer at Lexmark, stating that the voice of the CISO has grown in importance, and other top executives have important roles to play in managing risk. The CFO, in particular, has to deal with issues like revenue loss due to cyber attacks, while the human resources department has to address employee security issues.

The statistics are alarming. There was an 83% increase in annual ransomware complaints between 2019 and 2020, according to the FBI Internet Crime Complaint Center. Total losses from ransomware attacks more than tripled from $8.9 million in 2019 to $29.1 million in 2020.

The disruption caused by COVID-19 has also led to an increase in cyber threats. A report released by Deloitte shows that 98% of U.S. C-level executives say their organization experienced at least one cybersecurity event in the past year, compared to 84% among non-U.S. organizations. The disruption led to a 86% increase in cyber threats at 86% of organizations in the U.S., compared with only 63% of non-U.S. entities.

In response to these threats, businesses are implementing stricter controls. The New York State Department of Financial Services requires covered entities to have a cybersecurity policy approved by a board of directors, and proper controls, including encryption and multifactor authentication. After an incident, companies like Malwarebytes are urging security companies to work together to share information.

In conclusion, cybersecurity is becoming a critical part of a board's overall responsibility for risk management. As businesses continue to digitalize, the importance of cybersecurity will only grow, and companies must be proactive in their efforts to protect their intellectual property, customer data, and business operations.

Business leaders finally focusing on cybersecurity after years of ignoring potential dangers to corporate continuity