Board & Investors: What To Look For
-
Absence of Evidence
Ignorance may be bliss in other arenas, but not in Cyber Security.
“We’ve never had a breach” is a boast we hear often. “How do you know?” is a question we always ask but there is rarely a coherent, comforting answer.
Most people think that if there is a breach, there will be some visible sign. Sometimes there is, sometimes there is not and sometimes you find out too late to do anything about it.
-
Evidence of Absence
The answer to “How do you know?” that we long to hear is “Because we check regularly and we can prove it.”
As a board member, or a principal investor, you should be seeing regular reports on network activity which should include confirmation that X threats were detected and Y threats were thwarted and it would be great if Y == X.