Skip to main content
close search
site logo

CISA director urges top business leaders, board members to take cyber risk ownership

Jen Easterly said the government cannot solve challenges posed by rising threat activity without active participation and corporate oversight from the private sector.

Published March 24, 2023
David Jones's headshot
Reporter
CISA Director Jen Easterly, RSA Conference 2022
Matt Kapko/Cybersecurity Dive

U.S. corporate leaders need to embrace cybersecurity as an issue of central importance to the success of their businesses, Cybersecurity and Infrastructure Security Agency Director Jen Easterly said.

Easterly, in a Thursday appearance before the Economic Club of New York, told attendees that top corporate executives, including CEOs and corporate board members, need to understand the risks posed by cybersecurity and take an active role in. 

Speaking just weeks after the Biden administration unveiled the national cybersecurity strategy, Easterly said this is not an issue the government can fix on its own, but businesses will need to play an important role in solving.  

The comments come at a time of rising threat activity from nation-state adversaries and criminal-threat actors. The U.S. government and critical infrastructure providers, which range from banks to energy companies and hospitals, have become targets of threat activity in recent years. 

Federal law enforcement and regulators like the Securities and Exchange Commission are pressing U.S. companies to disclose threat activity and share information in order to prevent malicious activity from spreading to other sectors of the economy. 

Easterly’s comments came just one day after the release of an updated corporate governance guide that is used by board members across the country to address cybersecurity risk.

Easterly, on Wednesday, helped unveil the fourth edition of a key cyber risk handbook from the National Association of Corporate Directors and the Internet Security Alliance, and wrote the forward for the new guide. 

The NACD-ISA Cyber Risk Oversight Handbook details how corporate leadership should help manage cyber risk. The handbook was developed in collaboration with the U.S. Department of Justice and the Department of Homeland Security and details.

The guide underscores the critical role CEOs and board members play in managing cybersecurity, Easterly said. 

“CEOs and board members have to embrace corporate cyber responsibility as a matter of good governance,” Easterly said. “Not as something the IT people worry about.”

Of all the various risks facing U.S. companies, cyber risk is one of the most difficult to manage, according to Peter Gleason, president and CEO of NACD. 

Data breaches are costly, disruptive to business and very difficult to prevent and detect. 

“They can be devastating to customer trust and inflict long-term financial costs and operational damage,” Gleason said via email. “The need for board engagement and oversight on cyber could not be more critical.”

Editors' picks

Company Announcements

View all | Post a press release
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Editors' picks
Latest in Leadership & Careers
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell