Cybersecurity: from Cost Center to Strategic Investment

Once seen as a cost center, cybersecurity is increasingly understood as a business driver and strategic investment. Both external and internal forces are at work. The pace and audaciousness of cybercrime, increasingly brazen intellectual property theft (which IBM estimates cost business $4.35 million per breach), and the actions of a few nations have much to do with the changes now underway.

It’s not simply the quantity, but also the quality of cyberattacks and the effect on the bottom line that has made cyber liability emerge as a critical concern for executives. And when it comes to dealing with risk, cybersecurity insurance can’t do it alone. There are now evolving sets of best practices that executives must engage with.

In the wake of a series of high-profile breaches, shareholder lawsuits have become more commonplace as parties seek to recover losses following cyberattacks. These lawsuits are very often smartly keyed to attacks that were either reasonably foreseeable or, once known to leadership, mismanaged.

Consider that in the last six months alone we learned that SolarWinds has agreed to pay $26 million to settle a shareholder lawsuit following the massive breach it and its clients suffered in 2020. Coming fast on the heels of that settlement, SolarWinds is also expecting to be hit with an enforcement action by the Securities and Exchange Commission (“SEC”).

Attacks against critical infrastructure have become a feature of today’s news, and national cybersecurity strategies are taking such attacks into account. In the United States, cybercrime against critical infrastructure is now judged a threat to national security. Organizations are on the hook to improve their cybersecurity posture, with mandates coming in fast.

Just last March, the SEC announced proposed rules on cybersecurity risk management, strategy, governance, and incident disclosure. The rules are meant to address concerns of increasingly significant cybersecurity hazards for public companies. 

Among the key elements, the proposed rules would require public companies to disclose material cybersecurity risks and incidents. The SEC stated that “materiality” for purposes of the proposed rules would be consistent with applicable case law and precedents. Further, publicly traded companies would be required to report cybersecurity incidents on Form 8-K within four days of determining that the incident is material.

With these rapid changes top of mind for executives and boards, cybersecurity should be embedded into everything that we do, and organizations will be challenged to plan and prepare, regularly reporting on and continuously monitoring risks. Are you ready?

PUBLISHED BY

Red Sift

28 Mar. 2023
