Published: September 29, 2023

Security 3-2-1 Week of 9/29/23

By Annie

3 Interesting Articles

How Much Cybersecurity Expertise Do Boards Really Have?
Wall Street Journal ($): The presence of directors with cybersecurity experience in S&P 500 companies has noticeably increased, with 107 directors at 113 companies, up from 86 directors at 91 companies last year. However, such expertise is still relatively scarce, representing only 2.3% of directors across the index. This surge likely stems from heightened awareness of cybersecurity’s centrality to long-term business performance and the escalating risks of cybercrime. Despite the increase, debate persists over whether each board necessarily needs a director with cybersecurity specialization, with some preferring a boardroom with widespread, albeit not expert, cyber knowledge. While many boards claim cybersecurity expertise, the limited confidence in handling cybersecurity incidents suggests a potential vulnerability and raises questions about the efficacy of board oversight in cybersecurity matters.

MGM, Caesars Cyberattack Responses Required Brutal Choices
Dark Reading: An update on the recent cyberattacks on MGM Resorts and Caesars Entertainment showcases contrasting incident response strategies. Caesars paid a $15 million ransom for a swift recovery, while MGM opted not to pay, enduring over 10 days of operational downtime and substantial revenue loss. Experts caution against drawing simplistic conclusions about which strategy was better. The decision to pay or not involves complex business considerations, and the “right” choice varies based on specific circumstances. While paying a ransom may offer short-term relief, it doesn’t guarantee data security and potentially encourages further attacks. Both companies’ reactions reflect their respective business priorities, with MGM valuing long-term cybersecurity gains and Caesars prioritizing immediate operational continuity.

Education ransomware attacks cost over $53B in downtime over 5 years
K-12 Dive: Up until mid-September 2023, there have been 102 education-related ransomware attacks, with an average downtime due to these disruptions increasing from 7.9 days in 2022 to 11.6 days in 2023. Although K-12 schools have been historically more targeted (319 attacks between 2018 and 2023, versus 240 on colleges), the trend is shifting, with more colleges being targeted in 2022 and 2023. Regardless of whether the institutions opt to pay the ransom, substantial financial damage is usually incurred, with the average cost of downtime across various industries amounting to $8,662 per minute. These attacks not only disrupt or cancel lessons but also put sensitive student and staff data at risk of exposure, as witnessed in recent attacks on school districts in Maryland and Pennsylvania.

2 Stats You Should Know

A recent survey found that the average time to detect and respond to a security incident has increased over the past 2 years. More than 80% say that manual investigation of threats slows down their overall threat response times. (source)

The Global AI in Cybersecurity Market size accounted for USD 14.9 Billion in 2021 and is estimated to reach the market value of USD 133.8 Billion by 2030. (source)

1 More Thing

Did you know that 2023 commemorates the 20th annual Cybersecurity Awareness Month? Stay tuned this October as we unveil a series of insights, alarming statistics, and intriguing facts related to cybersecurity!
