Faced with growing threats, companies need cyber skills at the top

Meghan McCarty Carino Mar 24, 2022
Heard on:
HTML EMBED:
COPY
As the risk of cyberattacks increases, many companies find themselves without the relevant staff. Getty Images

Faced with growing threats, companies need cyber skills at the top

Meghan McCarty Carino Mar 24, 2022
Heard on:
As the risk of cyberattacks increases, many companies find themselves without the relevant staff. Getty Images
HTML EMBED:
COPY

President Biden called for companies to raise their cyber defenses this week as the risk of attack from Russian hackers increases. Of highest concern is critical infrastructure like communications technology and electricity. But in the digital age, pretty much every industry and company has some sort of vulnerability to cyberattacks, even if they might not know it. 

We’ve got a shortage of cybersecurity professionals in this country, including at the highest levels of many companies and the boards that oversee them, which can make for some big cyber blind spots.

There are about 400,000 unfilled positions in cyber security in the U.S. according to the trade group ISC(2), and that’s likely an undercount, according to CEO Clar Rosso.

“That is only the organizations that have prioritized cybersecurity staff,” Rosso said. Many companies, particularly small and medium-sized ones, still don’t know what they don’t know.

According to a report from IT service firm, Navisite, almost half of companies don’t have a dedicated chief information security officer.

They can be tough to hire, said Todd Thibodeaux, president and CEO of the Computer Technology Industry Association.

“They’re probably already working for other people. So if you can’t find someone in the market, nurture someone on your team into that role,” he said. People in other tech leadership roles can be trained on cybersecurity fundamentals through certification programs.

But first, company boards need to step up, according to Friso van der Oord, Senior Vice President of content at the National Association of Corporate Directors.

“Boards should be comfortable challenging management on how well this particular risk area is managed,” van der Oord said.

He said only 4% of directors for the biggest U.S. companies on the Russell 3000 Index have the cybersecurity expertise needed to do that challenging. “That’s an enormous gap.”

This week the Securities and Exchange Commission proposed a new set of rules that would require public companies to disclose whether they have cyber security experts on their boards, and what their strategies are to manage the risks.

There’s a lot happening in the world.  Through it all, Marketplace is here for you. 

You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible. 

Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.