And the consequences are hefty: “the total cost of a typical breach of 10,000 personal records held by an organization” is around $2 million (Computerworld) for a company.

With price tags running into the millions, it should be a no-brainer that executives involve themselves in their company’s cybersecurity strategy.  But in reality only a small percentage of company’s C-level executives actually take part in crafting and supporting a comprehensive cybersecurity strategy for their organization.

However, for those executives that do choose to participate in the cybersecurity discussion and commit to allocating resources to protecting themselves – there is a huge payoff.

According to Larry Clinton, president of the ISA, 80 – 90% of cybersecurity threats can be avoided through a “combination of best practices, standards and security technology.”

If there is resistance within your organization to taking the proper precautions to securing the company’s cyber infrastructure, considering sharing the report with your CFO – beyond offering up the staggering figures above, it also shares recommendations on how to mediate cyberrisk.

How prepared is your company for a cyberattack? Who is involved in crafting cybersecurity policy at your org?