Is your organization on a hacker’s target list? Stop for a moment and ask yourself: how easy of a target is your organization?  How stop and think about tomorrow!  With the continued digitization movement and all the new IoT devices, connected cars, smart buildings and homes, it is a target rich environment.

But wait, there’s more. An interesting observation was made recently that spurred a substantial amount of discussion in certain cybersecurity circles.The observation was that most CSOs and CISOs do not know the current number of servers, computers and devices that are within their domain and that need protection. While this number is often difficult to obtain, especially when you take into account all of the third-party devices that retrieve or produce data and have access to your networks, some believe that it is essential to have an accurate account and to track changes over time.

In the past year, C-level executives and boards have increased their levels of concern and involvement when it comes to protecting the digital assets of the organization. Bay Dynamics recently reported “The proportion of board members who consider cyber risk to be a “high” priority issue has grown from 7 percent in 2014 to 30 percent today and expected 44 percent by 2018.” That will increase CSOs and CISOs visibility with the board as well as their pressure to perform.

The scope of what you need to protect has seen a steady increase of the years, and the rate of increase will grow substantially in the next few years with all the technologies that are on the horizon. Factor in that cyber attackers have consistently moved faster and have been more creative and innovative than our cyber defenses.  All of this increases the likelihood that your organization will be targeted and likely compromised in the not so distant future. 

Recent analysis has found that for under $200 USD, malicious code can be purchased that is an effective method of launching a cyberattack. But wait, there’s more! Multiple management consulting firms have forecast higher merger and acquisition (M&A) activity in 2017. Examining the cyber risks of entities being looked at as a potential M&A candidate has become an essential part of the process and factors into the decision and pricing. Think of the implications if your organization is an M&A candidate and the assessment finds cybersecurity issues and the price is lowered!  Now consider the implication if the M&A cyber review uncovers a breach. That would definitely impact the price and could result in the M&A plans being cancelled. 

All of that increases the likelihood you will be targeted and compromised in the future. A recent Insurance Journal report concluded that in 2017, cyber risks will intensify as hackers become more cunning. That puts you, the CSO and CISO on the front line.

Another report by management consultants McKinsey stated that companies with a C-level security position scores 30 to 40 percent better than those that don’t. That is clearly a value measure of your work!  However, that does not remove you from the target list for hackers. You can’t rest on your past achievements! It is essential that CSOs and CISOs quickly move to increase response to changes in the cyber risk environment and to improve the effectiveness and efficiency of their cyber risk management efforts. It's time for all CSOs and CISOs to create and maintain a cybersecurity scorecard that is graphic and numeric, and that is designed specifically for the C and board level audience.