As evidenced in Figure 3.1, cybersecurity is evolving. Consider developments over just the past two years:

• Based on 2016 estimates, large companies are worse off by an average of $200 million after a breach. As an example, when Yahoo sold its web services business to Verizon, it had to give a discount of $350 million due to the leak of data.¹
• A 2017–2018 survey found that cyber-based ransom attacks have increased to match the value of cryptocurrencies. According to the report, the top driver of cyber attacks is now financial gain rather than nuisance, and attacks are becoming more targeted. Globally, 42% of companies experienced ransomware attacks, a 40% increase from a 2016 survey. Other key findings of the report include:
  • One in four businesses report experiencing cyber attacks.
  • Distributed denial-of-service (DDoS) attacks grew 10%, hitting nearly two in five businesses.²
• The average website connects to 25 other (potentially insecure) sites for content, such as video clips or advertisements.³

Whether you are on a public or private board, in a for-profit or not-for-profit sector, you need to spend time considering three key areas:

1. Prevention and detection – How do security mechanisms, automation, and education need to evolve to protect you?
2. Planning – Are you doing the right things?
3. Mitigation – What are you doing to ...