Over the last 21 years, “misuse” and “human error” have been seen as the most significant root cause of data breaches. From 2000 to 2021, we observe 4,457 human errors out of 10,363 errors as the root cause. According to research report Ponemon “Data breach costs rose from US$3.86 million to US$4.24 million, the highest average total cost in the history ” We also know that 287 is the average number of days taken to identify and contain a data breach. The longer it took to identify and contain, the more costly the breach.
In Figure 1 we observe that the cybersecurity industry is now better at identifying actors. Second, there is a significant rise in organized crime (5% to 38%), and lastly, the danger of mistakes by developers is increasing (from 0% ten years ago to 11% today). The actors have become increasingly sophisticated, and the impact is more catastrophic than 20 years ago.
Figure 1 A 15-year cumulative change in identified actors in Cyber security incidents
“In our world of machines, robots, and algorithm-based decision-making, technological and political trends will continue to influence our profession. This will call for new capabilities and expertise.”
How can we manage these continuously evolving threats of human errors and bad actors manipulating our data? In our current and future world of machines, robots, and algorithm-based decision-making, technological and political trends will continue to influence our profession. This new world will call for new capabilities and expertise. Thus, jobs will require new skillsets to take into account, that address the future challenges we see ahead. The role of CEO and CFO will change due to tech dominance in business, and the position of the (chief) security officers and risk and security leaders will change. Zukin et al. (2018) state “A broader skillset, including communication, change management, and leadership, is required to respond quickly and collaboratively to evolving cyber threats.”
Also, the SEC recognizes this as a profession that must be directed top-down from the board. The CSO role is embryonic compared to that of the CFO and not completely clear about expectations, let alone all the positions that work below the CSO required to address the issues mentioned in our introduction.