Make Cybersecurity and Data Privacy Make Sense
At Fathom Cyber™, we make cybersecurity and data privacy make sense™ for your organization’s Officers and Directors. Shareholders, proxy advisory services, regulators, and legislators hold organizations’ Boards of Directors and executives personally responsible for securing the organization’s digital assets and for ensuring that consumer and customer data are kept private. But most C-level executives and Directors do not have the technical background needed to understand today’s cybersecurity tools or the complex web of data privacy laws. How do these senior executives meet their oversight obligations if they can’t understand the information they receive? By changing the way the organization’s staff, including the IT and legal staff, reports on its efforts. Instead of focusing on ports, TCP/IP headers, encryption types, or a sea of acronym-filled regulations, cybersecurity and data privacy information must be reported in business terms. We give Officers and Directors the business-based information they need to effectively govern the organization’s cybersecurity and data privacy efforts.
Don’t Just Focus on Dollars and Cents
Some vendors claim to give “business-oriented” reports because they associate a dollar value with a cybersecurity or data privacy risk. While this information has some limited value, the approach oversimplifies the risk decisions that senior executives make every day. The organization’s leadership weighs more than the dollars-and-cents impact of an issue. They also take into account considerations such as mergers, divestitures, or other anticipated organizational changes; pending or prospective customer contracts; and the ever-changing regulatory and legal landscape. So why should cybersecurity and data privacy information focus only on dollars and cents?
Expect Truly Business-oriented Reports
What the organization needs is the ability to understand the impact a particular cybersecurity or IT issue will have on the organization. Business-oriented cybersecurity and data privacy reports should, for any issue, be able to identify:
- Customers affected;
- Business units and/or back-office groups affected;
- Whose information (e.g., customers, partners, or internal) and the types of information (e.g., customer records, source code, or business plans) that might be affected, lost, or compromised;
- Impending organizational changes or initiatives that are affected; and,
- Where the IT staff needs help to meet its obligations.
Many IT and security organizations today struggle to communicate this fundamental information to their senior executives. That’s where Fathom Cyber comes in. We use proven industry standards, including the NIST Cybersecurity Framework, to create a shared lexicon that allows Officers and Directors to communicate more easily with the entire organization, including the IT, legal, and security staff.
Become Confident and Conversant
Proper, business-oriented cybersecurity and data privacy information is important because the world increasingly holds Officers and Directors accountable when data breaches occur. Take, for example, Europe’s General Data Protection Regulation (“GDPR”) and New York State’s 23 NYCRR 500. Under GDPR, an organization whose infringement of the regulation leads to a data breach can be fined as much as 20 million Euros or four percent (4%) of the organization’s annual global turnover, whichever is higher. Shareholders have a history of pushing for senior-level management changes, as happened with both Target’s and Equifax’s senior executives, when their organization incurs such massive, unexpected, and avoidable fines and costs. Similarly, under 23 NYCRR 500, a senior officer or the Board must personally certify each year that the organization has in place, and is executing, a well-designed cybersecurity program. Fathom Cyber’s comprehensive, business-oriented reporting gives Officers and Directors the confidence to know that their organization is truly meeting all of its obligations and allows them to be conversant in the issues when institutional investors, proxy firms, or regulators ask for details. In short, we make cybersecurity and data privacy make sense™.
Leverage our Full Suite of Advisory Services
At Fathom Cyber, we specialize in helping organizations approach cybersecurity and data privacy from a business perspective. This includes board- and executive-level advisory and training services, as well as maturity assessments, cybersecurity and data privacy plan reviews, and other related advice. For more details about the services we offer, please visit our Services page.