CEO's and C-Suite executives are all responsible for the Business risk that a cyber-attack can impose on a Company and can be held personally liable for damages and loss from a cyber-incident. Click "Read More" below for details. "UnitedHealth Group now says the total impact of the cyberattack on its Change Healthcare unit will cost the company between $2.3 billion and $2.45 billion in 2024."
Every CEO could improve their own visibility into the company's cybersecurity lapses by having staff conduct a gap analysis of the Company's own cybersecurity practices against the CISA Cybersecurity Performance Goals (CPG) and the CISA Secure by Design (SbD) principles to see where improvements are needed in company cybersecurity practices and cyber-risk management.
Could a trivial investment in applying MFA have prevented this entire situation at UnitedHealth Group? Probably, yes.
Don't overlook the little things that can help to prevent disaster, like MFA. The men manning the birds nest on the Titanic lacked a pair of binoculars, that could have prevented the Titanic from hitting the iceberg. An ounce of prevention could prevent a Billion in damages and avoid pain to peoples lives.Â
Watch out for those CISA KEVs, cyber risk icebergs, they can ruin your day.