Cybersecurity remains a top priority of businesses, but the harsh reality of cybersecurity is that the investment can be hard to sell. The costs are easy to specify, the return is less easy to convey.
As a CISO or head of IT, how do you appeal to the board to make sure they understand the value of good cybersecurity?
In this blog, we offer some guidelines in the shape of a fictional speech to the board.
Thank you for giving me the opportunity to address you as the Chief Information Security Officer (CISO) of our organization. Today, I want to emphasize the importance of adopting a Zero Trust strategy as the foundation of our cybersecurity framework.
In today’s digital-first world, the risk of targeted cyberattacks is ever-present. No company can consider itself immune, and even our third-party affiliates can become potential vulnerabilities. The World Economic Forum’s 2023 Global Risks Report has identified “widespread cybercrime and cyber insecurity” as one of the top global risks.
The financial consequences of cyber incidents are skyrocketing, with the average cost of a data breach reaching $4.35 million and the average cost of ransomware attacks even higher, at $4.54 million.
Traditionally, cybersecurity has focused on compliance and blocking known threats, but it is essential for us to acknowledge that this alone is no longer sufficient. As CISOs and CSOs, our role extends beyond securing the existing system infrastructure, into proactively protecting against future attacks. This is where Zero Trust comes into play.
Zero Trust is not just another compliance checkbox; it is a comprehensive strategy that assesses risks per critical asset. Unlike traditional approaches, Zero Trust assumes that no user or device can be inherently trusted, whether they are inside or outside our network.
Zero Trust requires continuous verification and validation of identities, devices, and applications, based on the principle of “never trust, always verify.”
In 2023, we reinforce our commitment to cyber resilience by embracing the Zero Trust strategy and its principles. The Zero Trust strategy, with its mantra of “never trust, always verify”, applies to all users, devices, and networks, recognizing that security threats and human errors can come at any time, from anywhere. We accept that we will never have a clear line of sight on the next attack, but we do have a clear line of sight on what we need to defend.
A Zero Trust approach provides the necessary data and insights to continually analyze the long-term effectiveness of our risk management strategy and demonstrate the value of our cybersecurity initiatives.
It is crucial for you, the board, to understand the value of our risk investments. By quantifying cyber risk and expressing it in potential costs, we can effectively communicate the organization’s cyber risk posture and help you make informed decisions about resource allocation and risk mitigation.
This is not a sprint, but a marathon, and boards and supervisors need tools to measure our progress and progression and report on it regularly. In 2023, we completed 35% of our journey. We expect to achieve 60% next year.
In conclusion, a Zero Trust strategy, combined with a robust approach to cyber risk management, is crucial for the resilience of our organization in the realm of cybersecurity.
It moves us beyond a prevention-oriented mindset, assesses risks per critical component, and equips us with the necessary tools and insights to navigate the ever-changing cyber threat landscape.
By embracing Zero Trust, we can build a strong defense, protect our critical components, and ensure the long-term security and success of our organization.
Embracing Zero Trust is a one-time effort that yields annual benefits in cost and continuity, and it safeguards our future earning capacity. Above all, it re-establishes our commitment to our customers, suppliers, partners and employees.
Thank you for your attention, and I am always open to any questions you may have.