
Mandatory cyber audits coming for publicly-traded companies, Canadian audience told


Governments or regulators are getting so sensitive about cyber security they may require publicly-traded companies to undergo annual cyber audits as well as financial audits, says a former U.S. Homeland Security secretary who is now a consultant on risk management.
Tom Ridge made the prediction to a Canadian audience at the third annual International Cyber Risk Management Conference in Toronto, where he also repeatedly asserted that to fight cyber attacks the public and private sectors have to build resilient organizations.
Companies regularly bring in third parties to check finances, he noted, even though they believe their C-level executives are top-notch. Similarly, he said, “at some point in time the business community is going to say, ‘I got a great CSO, chief technology officer… but just to be sure I want to bring in to see if there’s new technology, if they’ve got a new cyber auditing process.’”
Then he added, “I believe in the United States of America, if you’re a publicly-traded company in the next few years, [government] may require a cyber audit in addition to a fiscal one.”
Cyber security, he said, “is no longer the poor CISO’s problem.”
Asked in an interview if governments should be more aggressive in regulating companies to improve their level of cyber security, he said there’s a positive role for governments to play.
