The move provides another spark to light a fire under CISOs to improve how they measure and communicate security risks to the board, security experts say.
Wall Street has been abuzz this week over drastic measures by credit ratings agency Moody’s to downgrade its rating outlook of Equifax, with expensive data breach fallout named as a major factor for the poor marks. While the action was not unexpected, the landmark nature of the outlook should provide some needed emphasis to both boards of directors and CISOs of the modern business imperative for cyber resilience, security and risk experts say.
“Today’s news puts a punctuation mark on the business reality of cybersecurity risks,” says Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, who believes this is going to push more boards to take in increasingly active role in understanding and managing cybersecurity risks. “They definitely need to do more than ask the CISO some high-level questions. Equifax is in the hot seat now, but most of the Fortune 500 CEOs and CISOs would do no better in the same situation.”