Information security is one of the fundamental aspects of business risk, according to Mike Maddison, partner at Deloitte.
Maddison said it was no longer true that business boards do not understand cyber threats as a business risk. “The board does now ‘get it’ in our experience,” he said.
This is evidenced by the number of times information security cropped up as a topic of discussion at the 2013 World Economic Forum summit in Davos Switzerland, he said.
According to Maddison, there is a growing understanding that there are two types of organisation when it comes to cyber security: those that know they have been breached, and those that do not.
Read more on cyber risk
- Tips for reducing security risks in 2013
- Businesses fail to address consumerisation security risks
- Technology risk management and business continuity guide for CIOs
- Security Think Tank: A risk-based approach to security is key to business alignment
- Security Think Tank: People and risk key to aligning security and business
The challenge now, he said, is for the information security industry to advise businesses on how best to respond to that risk and adapt to constantly evolving cyber threats.