WASHINGTON — Business leaders should think of cybersecurity as an investment in the success of their organizations, according to Acting National Cyber Director Kemba Walden.
The success of the national cybersecurity strategy will be measured in part by the way companies get a return on their investment in building resilience, Walden said Tuesday at the Billington Cybersecurity Summit in Washington.
Walden said she has been spending a considerable amount of time figuring out the best way to measure the success of a cybersecurity program, and has also thought a great deal about how industry partners in the private sector measure success in this area.
Walden spoke recently to a CISO at a large company who told her the company CEO wanted to know where a breach that had occurred recently shows up on his stock ticker. Other companies want to know the impact of cyber on their profitability, Walden said.
“So when you start thinking about measuring cybersecurity and when it comes to industry, how do I project what is important to the mission of cybersecurity and what is important to industry as it relates to their goals?” Walden asked during a fireside chat with Bryan Ware, chief development officer at ZeroFox.
Cybersecurity is a capital expenditure that can help companies be more resilient against malicious attacks, decrease downtime and boost profitability.
Walden, one of the architects of the Biden administration’s plan to boost cyber resilience, is working with private sector partners and other federal agencies to implement the plan and measure results.
The Biden administration has taken several key steps to implement the strategy, including two requests for information related to cyber policies.
- The Office of the National Cyber Director in July issued an RFI on harmonizing cybersecurity regulations, a move designed to get public input on ways to eliminate duplicative and overly burdensome requirements, particularly in connection with critical infrastructure. The deadline for submissions has been pushed back to Oct. 31, from an original date of Sept. 15.
- ONCD also issued an RFI regarding the security of open source software, which was identified as a major concern during the Log4j vulnerability crisis, as well as the development of memory-safe programming languages.