I know a lot of persuasive folks in the cybersecurity community who can easily conjure up a dozen different cyberattack scenarios detailed enough to scare the socks off any board member. Many of us have been hearing about these hypothetical disasters for a decade or longer.
Senior leaders are nervous – and spending copiously. Yet, even as the defense of enterprise data has grown into a steadily expanding $93 billion a year global industry, cyberthreats, by and large, remain an abstract, catch-all notion in many board rooms.
Encouragingly, that’s beginning to change. A confluence of developments makes this so. Mainly, the disclosures of actual nightmare breaches, which climbed to new heights in 2016 and 2017, show no signs of slowing. This pattern has prompted newly minted state regulations in New York and Colorado, mandating improved data protection practices – a harbinger of more such regulations to come. Meanwhile in Europe,