
Straight Talk IT

Ovum view

Security professionals know that cyber-attacks will invariably penetrate their organizations, and that appropriate cybersecurity strategies must focus on detection, damage limitation, and remediation. Ensuring that such a strategy is in place, and closely monitoring the response of the organization to cyber-threats, is a board-level responsibility. Though it now registers higher on the priority list for senior executives, I believe the time has come for regulation as part of corporate governance to ensure that every company is taking sufficient action.

The level of cyber-risk has reached a point where it represents a continuous threat to the health of the organization, and board members must understand the potential impact of attacks on the company in areas including its operations (both physical and online), staff, reputation, and financial standing. There must be a close relationship with the chief information security officer (CISO) or their equivalent, with regular communication on investment in security defenses, the response plans that are in place, security awareness and training, the current level of threat, and details of significant incidents.

There is no doubt that boards are now taking these issues more seriously, driven in large part by regular and repeated evidence of cyber-attacks and their consequences. In the US, the SEC commissioner noted that boards of the largest enterprises are almost all now taking responsibility for oversight of cyber-risk management; in the UK there has been strengthened guidance from government to boards on these issues; and in many countries there is increased transparency and sharing of security intelligence.

However, when a significant cyber-attack does get through, it is rather akin to a baring of the corporate soul (particularly now that the reporting of these incidents is mandated), and it's clear from the majority of such cases that there continue to be major failings in both the state of readiness and the plan for response.

Handling of cybersecurity matters is delegated to the audit committee in some enterprises, or to a specialist subcommittee in others, but ultimate responsibility lies with the main board and its directors. I believe it is now time for the board to publish a more formal summary of its cyber-risk preparations and oversight, as part of its annual reporting. This should demonstrate that the board has considered the range of risks and their possible consequences, has ensured that there are sufficient expert resources and capability investment to address these risks, and is undertaking regular reviews of the risk landscape and testing the organization's readiness to respond.

While it is certainly no panacea against cybersecurity incidents, such regulation should encourage organizations to follow good practice in their cybersecurity preparation and give stakeholders greater visibility into, and assurance about, what is potentially the greatest risk that faces every enterprise.

Straight Talk is a weekly briefing from the desk of the Chief Research Officer. To receive this newsletter by email, please contact us.
