Faced with growing threats, companies need cyber skills at the top
Faced with growing threats, companies need cyber skills at the top
President Biden called for companies to raise their cyber defenses this week as the risk of attack from Russian hackers increases. Of highest concern is critical infrastructure like communications technology and electricity. But in the digital age, pretty much every industry and company has some sort of vulnerability to cyberattacks, even if they might not know it.
We’ve got a shortage of cybersecurity professionals in this country, including at the highest levels of many companies and the boards that oversee them, which can make for some big cyber blind spots.
There are about 400,000 unfilled positions in cyber security in the U.S. according to the trade group ISC(2), and that’s likely an undercount, according to CEO Clar Rosso.
“That is only the organizations that have prioritized cybersecurity staff,” Rosso said. Many companies, particularly small and medium-sized ones, still don’t know what they don’t know.
According to a report from IT service firm, Navisite, almost half of companies don’t have a dedicated chief information security officer.
They can be tough to hire, said Todd Thibodeaux, president and CEO of the Computer Technology Industry Association.
“They’re probably already working for other people. So if you can’t find someone in the market, nurture someone on your team into that role,” he said. People in other tech leadership roles can be trained on cybersecurity fundamentals through certification programs.
But first, company boards need to step up, according to Friso van der Oord, Senior Vice President of content at the National Association of Corporate Directors.
“Boards should be comfortable challenging management on how well this particular risk area is managed,” van der Oord said.
He said only 4% of directors for the biggest U.S. companies on the Russell 3000 Index have the cybersecurity expertise needed to do that challenging. “That’s an enormous gap.”
This week the Securities and Exchange Commission proposed a new set of rules that would require public companies to disclose whether they have cyber security experts on their boards, and what their strategies are to manage the risks.
Stories You Might Like
There’s a lot happening in the world. Through it all, Marketplace is here for you.
You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible.
Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.
