Marketplace Logo Donate

Daily business news and economic stories from Marketplace

Faced with growing threats, companies need cyber skills at the top

Heard on:
Blue cords behind large computer servers.

As the risk of cyberattacks increases, many companies find themselves without the relevant staff. Getty Images

get the podcast

President Biden called for companies to raise their cyber defenses this week as the risk of attack from Russian hackers increases. Of highest concern is critical infrastructure like communications technology and electricity. But in the digital age, pretty much every industry and company has some sort of vulnerability to cyberattacks, even if they might not know it. 

We’ve got a shortage of cybersecurity professionals in this country, including at the highest levels of many companies and the boards that oversee them, which can make for some big cyber blind spots.

There are about 400,000 unfilled positions in cyber security in the U.S. according to the trade group ISC(2), and that’s likely an undercount, according to CEO Clar Rosso.

“That is only the organizations that have prioritized cybersecurity staff,” Rosso said. Many companies, particularly small and medium-sized ones, still don’t know what they don’t know.

According to a report from IT service firm, Navisite, almost half of companies don’t have a dedicated chief information security officer.

They can be tough to hire, said Todd Thibodeaux, president and CEO of the Computer Technology Industry Association.

“They’re probably already working for other people. So if you can’t find someone in the market, nurture someone on your team into that role,” he said. People in other tech leadership roles can be trained on cybersecurity fundamentals through certification programs.

But first, company boards need to step up, according to Friso van der Oord, Senior Vice President of content at the National Association of Corporate Directors.

“Boards should be comfortable challenging management on how well this particular risk area is managed,” van der Oord said.

He said only 4% of directors for the biggest U.S. companies on the Russell 3000 Index have the cybersecurity expertise needed to do that challenging. “That’s an enormous gap.”

This week the Securities and Exchange Commission proposed a new set of rules that would require public companies to disclose whether they have cyber security experts on their boards, and what their strategies are to manage the risks.

What's Next

Latest Episodes From Our Shows

Listen
5:02 PM PDT
13:53
Listen
4:29 PM PDT
28:38
Listen
1:40 PM PDT
1:50
Listen
10:00 AM PDT
31:02
Listen
Jun 30, 2022
7:31
Listen
Jun 30, 2022
7:35
Listen
Jun 28, 2022
26:17
Exit mobile version