Cybersecurity for Business: Organization-Wide Strategies to Ensure Cyber Risk Is Not Just an IT Issue
Larry Clinton, Kogan Page, 2022

This is not just another cyber security book. This is a cyber security book that recognises that cyber security is not only a technology issue, but a strategy and leadership issue, too.

As the management of cyber risks evolves – and regulatory expectations increase – the approach taken in Cybersecurity for Business: Organization-Wide Strategies to Ensure Cyber Risk Is Not Just an IT Issue will be of great value to companies looking to achieve digital transformation goals without creating undue risk, helping readers to contextualise the risk in terms of financial and operational outcomes.

Author Larry Clinton is president of the Internet Security Alliance. He advises industry and government on cyber policy, and has briefed NATO and the US Congress. Twice named in the NACD ‘Directorship 100’ list of the most influential individuals in corporate governance, Clinton has played a key role in advancing the practice of cyber security, which, as former United States Army general, Keith Brian Alexander notes in his praise for the book, is a matter of national security: “The only way to effectively protect ourselves is through a collective defence model. Cybersecurity for Business describes the roles and responsibilities individuals across an organisation must take in this new age to work together to protect their enterprise and, in so doing, contribute to our nation’s defence.”

In his latest book, Clinton examines the need to take an enterprise-wide approach to cyber risk; looks at the growing threat as an issue that is not confined to IT; considers how boards are addressing cyber risk; and tackles the way organisations may be better structured for the digital age. He then goes on to outline a modern approach to assessing cyber risk, and considers the management of cyber risk from an enterprise-wide perspective.

Subsequent chapters are dedicated to examining in depth the roles and responsibilities of human resources management in cyber security; legal and general counsel; audit and compliance; and technical operations. Consideration of cyber security in mergers and acquisitions has a dedicated chapter, as does the role of cyber operations in developing a “culture of security”.

And, as readers of this magazine will be comforted to know, cyber security in the context of supply chains and crisis management are also addressed in a book that is becoming a must-read for business leaders.

---