
The Big 8: How to heighten cybersecurity governance

By Tom Kellermann
February 4, 2021

Cyber defenders worldwide can all agree that 2020 was a transformational year. Both CISOs and security teams battled increased attack volumes and data breaches as attack techniques, including island hopping, continued to grow in frequency and sophistication. In its annual risk index, the World Economic Forum stated that cyberattacks are one of the most significant risks posed to corporations. The potential threats associated with these attacks have gone well beyond monetary and data loss, as falling victim can lead to attacks on customers, reputation damage, and regulatory fines that can have a grave impact on businesses.

The daunting threats and attack techniques from 2020 are expected to continue into this year. And while 2021 offers a fresh start, cybercriminals will continue to become increasingly savvy, deploying a wide range of techniques to extort, disrupt, and infiltrate organizations. Now more than ever, government and corporate leaders and consumers must become engaged in ensuring effective cybersecurity strategies are in place. Below are eight steps organizations can implement to heighten cybersecurity governance:

  1. Recognize that the worst-case scenario has escalated - It’s no longer just about your network being under siege. Enterprise digital transformation is being commandeered via island hopping 55 percent of the time, according to a recent report from VMware Carbon Black. Websites, shared folders, applications, and mail servers can all be used to attack your customers and partners, causing irreversible damage.
  2. Empower the CISO to directly report to the CEO - This demonstrates the strategic importance of cybersecurity within the organization. CISOs must be in lock-step alignment with the Board of Directors and the C-suite when it comes to cybersecurity strategy and plans. CISOs should participate actively in board meetings and provide regular status updates on threats, crisis preparedness, and response plans.
  3. Conduct reviews of internal cybersecurity policy - An independent, unbiased assessment must be conducted to ensure the right cyber policies and measures are in place. This should include participation from the board and internal key stakeholders to guarantee full alignment and an adequate response plan should a crisis arise.
  4. Confirm your processes and controls are bulletproof – Are your security controls integrated, and has your company complied with the NIST Cybersecurity Framework? Following this type of third-party guidance can help organizations ensure adherence to industry-leading practices.
  5. Stay up to date on regulations - Depending on the jurisdictions your company is dealing with – US-only or international, for example – be sure to tap an in-house or external General Counsel for advice on regulations such as GDPR or the California Consumer Privacy Act. It’s best to have these conversations proactively rather than after an attack takes place.
  6. Allocate at least 10 percent of your IT budget to cybersecurity - The board must be cognizant of today’s cybersecurity landscape and growing threats to ensure they understand the importance of budgeting for cybersecurity plans and response. As the risks grow, so does the need for more budget and attention on cybersecurity within an organization.
  7. Develop and regularly update a comprehensive incident response strategy - A proactive approach is always best. This will demonstrate an understanding that incidents will happen, and by being prepared and training for crisis response, organizations will be better armed when the real crisis occurs. Involving team members from marketing, legal, and HR is also critical to keeping everyone aligned on incident response plans.
  8. Communicate with customers and suppliers – Provide your customers and suppliers with best practices for cybersecurity and mandate that they comply with these regulations. This will prevent issues down the line and keep everyone involved in the supply chain better protected.

Today, all organizations are navigating digital transformation looking to accelerate their businesses. At the same time, Boards of Directors, CISOs, and executives alike must strike a balance between innovation and cybersecurity. A proactive cybersecurity strategy is a must to help organizations secure their most critical assets. Digital transformation and cybersecurity go hand-in-hand. In order to mitigate the threat posed by cybercrime cartels, organizations must become vigilant and ensure these eight fundamentals of cybersecurity governance are in place.

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine.


Tom Kellermann is the head cybersecurity strategist at VMware Carbon Black. Prior to joining VMware Carbon Black, Tom was the CEO and founder of Strategic Cyber Ventures. In January 2017, Tom was appointed the Wilson Center's Global Fellow for Cyber Policy. Tom previously held the positions of chief cybersecurity officer for Trend Micro, VP of security for Core Security, and deputy CISO for the World Bank Treasury.
