I see far too many failures and missed opportunities by cybersecurity organizations that have not adopted meaningful sustainability structures to maintain efficacy and efficiency.
A healthy cybersecurity program must adapt to a rapidly changing risk landscape and improve over time.
Therefore, leadership must be purposeful in instituting capabilities that both prevent losses from occurring as well as minimize losses when incidents do happen. A continuous improvement cycle reinforces adaptation to ensure alignment to evolving threats. Every domain of cybersecurity must follow such a framework to empower the organization’s effectiveness at managing cyber risks and resiliency over time.
Makes sense. Prevent what is possible and minimize losses of everything else.