Against the backdrop of the current economic climate, which is marked by increasingly sophisticated investor expectations, listed companies have been placing greater emphasis on their extra-financial performance in their latest half-yearly results. In addition to environmental and social reporting, which have become equally important, cybersecurity is rapidly emerging as a key criterion for a growing number of companies concerned about their long-term viability and attractiveness.
On the other side of the Atlantic, the Securities and Exchange Commission (SEC), responsible for financial regulation in the United States, is accentuating this trend by now requiring listed companies to communicate transparently and publicly not only about the cyber attacks they have suffered, but also about the governance and processes in place to manage cyber risk within an organization. Commenting on the publication of the new cyber requirement, the Chairman of the SEC said: "Whether a company loses a factory in a fire, or a million files in a security incident, it can be important to investors" . This imperative for transparency reinforces the idea that the level of cybersecurity maturity is now firmly anchored at the heart of key indicators required to demonstrate a company's strength and agility.
Laurent Célérier is the Executive Vice-President Central Europe & International Business at Orange Cyberdefense.
Robust cybersecurity
First and foremost, a high level of cybersecurity is rewarding for a company, because it reflects a mastery of its digital transformation: the opportunities and associated risks are carefully assessed and taken into account. What's more, over and above IT security in the strict sense of the term, it demonstrates a company's mastery of the general process of transformation and adaptation, whether the issue is business, regulatory or geopolitical, amongst others.
Robust cybersecurity also reflects financial solidity and a long-term vision, which is the only way to mobilize the investment needed over the long term to achieve a satisfactory level in this area.
By ensuring the security of valuable assets such as intellectual property, brand names and the confidentiality of exchanges and personal data, a company is also protecting its future and the quality of its relations with its stakeholders and confirming its seriousness and sense of responsibility. A high level of security is a sign of a well-structured company, and of the commitment of its employees to safeguarding its business: 47% of security incidents , originate from internal actors, whether voluntarily or not. Regular awareness-raising and training are not only necessary, but also a sign of the company's commitment to invest in the ongoing skills training of its employees, a guarantee of its long-term future.
What's more, a company that performs well in cybersecurity is a highly attractive employer. Cybersecurity experts are highly sought after in today's job market: a study by Cybersecurity Ventures predicts that 3.5 million cyber jobs are likely to be unfilled by 2025. Succeeding in hiring and retaining this type of profile is therefore a testament to one’s ability to attract talent, whatever the field in question.
Conversely, a low level of cybersecurity can raise legitimate questions about a company's sustainability, ethics and intrinsic values.
Assessing the level of cybersecurity
In addition to the integrated reports produced by listed companies or the communications required by regulations, there are many tools available for assessing the level of cybersecurity, tailored to the varied needs of companies of all sizes. These can take the form of full audits in line with the internationally recognized NIST, ISO or SOC2 frameworks, or in a much lighter, if less precise way, through self-assessments or automated external scans. An analysis of dedicated investment can also give some initial indications: less than 5% of IT expenditure may indicate a worrying weakness, 5% to 10% a satisfactory level, and more than 10% a lead over the competition which will help to limit the occurrence and impact of an attack, which is always possible.
In conclusion, the level of cybersecurity can today be seen as an essential indicator of a company's current performance and potential for development. A high level of maturity in terms of cybersecurity testifies to a clear, long-term vision, a capacity for structured transformation, financial solidity and, finally, a deep commitment on the part of employees, all of which are essential if customers, investors and employees are to be persuaded to make a joint commitment.
We've featured the best business VPN.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
