U.S. corporate leaders need to embrace cybersecurity as an issue of central importance to the success of their businesses, Cybersecurity and Infrastructure Security Agency Director Jen Easterly said.
Easterly, in a Thursday appearance before the Economic Club of New York, told attendees that top corporate executives, including CEOs and corporate board members, need to understand the risks posed by cybersecurity and take an active role in.
Speaking just weeks after the Biden administration unveiled the national cybersecurity strategy, Easterly said this is not an issue the government can fix on its own, but businesses will need to play an important role in solving.
The comments come at a time of rising threat activity from nation-state adversaries and criminal-threat actors. The U.S. government and critical infrastructure providers, which range from banks to energy companies and hospitals, have become targets of threat activity in recent years.
Federal law enforcement and regulators like the Securities and Exchange Commission are pressing U.S. companies to disclose threat activity and share information in order to prevent malicious activity from spreading to other sectors of the economy.
Easterly’s comments came just one day after the release of an updated corporate governance guide that is used by board members across the country to address cybersecurity risk.
Easterly, on Wednesday, helped unveil the fourth edition of a key cyber risk handbook from the National Association of Corporate Directors and the Internet Security Alliance, and wrote the forward for the new guide.
The NACD-ISA Cyber Risk Oversight Handbook details how corporate leadership should help manage cyber risk. The handbook was developed in collaboration with the U.S. Department of Justice and the Department of Homeland Security and details.
The guide underscores the critical role CEOs and board members play in managing cybersecurity, Easterly said.
“CEOs and board members have to embrace corporate cyber responsibility as a matter of good governance,” Easterly said. “Not as something the IT people worry about.”
Of all the various risks facing U.S. companies, cyber risk is one of the most difficult to manage, according to Peter Gleason, president and CEO of NACD.
Data breaches are costly, disruptive to business and very difficult to prevent and detect.
“They can be devastating to customer trust and inflict long-term financial costs and operational damage,” Gleason said via email. “The need for board engagement and oversight on cyber could not be more critical.”