3 Ways to Cybernance Your Enterprise
What does it actually mean to manage and oversee cyber risk using a comprehensive cybergovernance framework?
In a recent customer conversation, we heard someone say he had “cybernanced” his organization. As far as I know, that was the first time our company’s name had been used as a verb, and we began pondering an appropriate definition.
For inspiration, I searched for similar words. “Prefinance” is the closest sounding verb I found; it means “to make financial arrangements in advance.” Cybernance as a verb shares an element of this definition, since it implies planning ahead, i.e. “deploying cyber risk defenses in advance.”
From all the conversations with clients who’ve told us how they use CMOM, three common elements define what “to cybernance” means to them:
Few enterprises take a comprehensive view when they attack cyber risk. In deciding where to allocate resources, they think only of technology, reacting to the latest perceived threat or the latest cool product. “To cybernance” means to realize that mitigating cyber risk involves planning comprehensive efforts around risk management (processes, procedures, and products), risk culture (employees), and risk influence (partners).
Cyber risk assessments in the past have taken many forms. Before standards were in place, spreadsheet checklists were often used. Even now that recognized standards exist, consultants tend to develop their own unique methodology. “To cybernance” means to employ a comprehensive framework based on recognized standards as the basis for overseeing and managing cyber risk mitigation.
As clients assess cyber risk and plan their defenses using standards, they are pleasantly surprised when they see that it improves their entire operation. Peter Drucker famously said, “What’s measured improves.” Continuously monitoring and enhancing cybersecurity infrastructure enhances almost every operation within the business. “To cybernance” means to achieve operational excellence by scrutinizing and tracking 400 control points and following the expert guidance built into the standardized frameworks.