Down The Security Rabbithole

In this episode... Standard & Poor's Adding Cybersecurity to Ratings The headline In a report issued this week, the rating agency says it could issue a downgrade before a cyberattack if a bank looked ill-prepared, or following a breach that causes significant damage to a bank's reputation or which leads to substantial monetary losses or legal damages. Behind the curve? Stop. Michael wrote about it this week - stop calling it gaps… 16 questions… good start? How long has it typically taken to detect a cyberattack? What containment procedures are in place if the bank is breached? How many times was the business the target of a high-level attack during the past year, and how far did it reach in the system? What's the internal phishing success rate? What kind of expertise about cyberattacks exists on the board of directors? How much does the bank spend on cybersecurity, what resources does it devote, and what is the total tech budget this year versus last? Including security in the ratings - and