Capital market stakeholders across the spectrum are as primed as ever to take action on an issue that affects us all: cybersecurity. Fifty percent of U.S. chief executives say they are “extremely concerned” about cyber threats, according to a recent survey. Boards of directors are engaged on the issue, while investors overwhelmingly perceive cybersecurity attacks as one the biggest risks to their portfolios. For policymakers at home and overseas, cybersecurity continues to climb the list of priorities.
This rising cyber-awareness is necessary and fitting, given the urgency of confronting cybersecurity threats and the astonishing aggregate cost of today’s cyber-attacks. Yet as momentum picks up, we must carefully consider our overall approach to cybersecurity risk management — there are several possible paths ahead. Moreover, cybersecurity is particularly challenging terrain, given its complex and shifting nature. Organizations face varying threats and actors, all in the