According to a recent article in the Wall Street Journal, corporate boards are getting much more involved in cybersecurity. What's driving this behavior? While the Target breach probably influenced this behavior, corporate boards now realize that cybersecurity has become a pervasive risk that could have an adverse impact on all businesses.
This is consistent with recent ESG research that found 29% of security professionals working at enterprise organizations (i.e. more than 1,000 employees) said that executive management (and the corporate board) is much more engaged in cybersecurity situational awareness and strategy than it was two years ago, while another 40% stated that it is somewhat more engaged than it was two years ago (note: I am an ESG employee).
What does this mean? Further board-level participation in all things cybersecurity has several ramifications for the infosec community at large (i.e. security professionals, product vendors, service providers, researchers, etc.):
For years, infosec professionals complained about the lack of cybersecurity knowledge and prudent decision-making by business executives. As this apathy abates, CISOs and security industry leaders find themselves with more money in one hand and more responsibility in the other. On balance, this is a very positive step, but it's important to realize that we are in uncharted waters. Those few individuals, vendors, and service providers that offer real help navigating these rough seas will be in high demand.