The cyber crisis impacting U.S.-based enterprises is often swept under the IT rug as a technology issue to be delegated to and resolved by information technology experts who have little to no view on the overall organization’s business or risk issues. At the recent RSA Security Conference, session after session and meeting after meeting, researchers, CSOs and consultancies voiced the same issues: It’s a business problem, not a technology problem, because you're not securing IT – you need to secure the business.
In a public company, would IT staffers be concerned with the recent HBGary research that cyber attacks can affect investor decisions and stock prices? Probably not. But the C-suite has the unique ability to understand business risk, and once you understand that your market cap is dropping due to cyber crime exposure and risk, you understand you have a business problem. Here are the facts: