The presence of Mr. Ignacio Sánchez Galán, Chairman of the Board of Directors of Iberdrola, and Mr. Julián Martínez-Simancas Sánchez, Secretary of the same Board, at the seminar “Cyberdefense, National Defense & Energy Supply”, that the Spanish Ministry of Defense hosted on October, 13th, at its CESEDEN (Center of Higher Studies on National Defense)’s premises, comes to contradict the very categorical statement that had been made during CCI’s last “The Voice of the Industry” event held in Bogotá: “Businesses, today, are less concerned for ‘cyber’ than governments”. Maybe that of Iberdrola is an exception; maybe it is the Ecopetrol’s one, as we knew in Colombia last month; or, maybe, exceptions are starting to be the new normal.
Believe me, if I say you that it is hard for me to believe!
Though, it seems that things start to change. Anyway, it will not be a voluntary change; but one obliged by the circumstances. While some of us are still confident in the generational shift -the slow lane- to see how boards and directors begin to be concerned for ‘cyber’, new conditions seems to flourish. Conditions that can accelerate such awareness, making the change happen agiler and faster. The awakening of a new cyber market in the insurance industry will push companies to address more pampering their cyber security, in order to get better coverage and, specially, better prices in their agreements with insurers; but let us discuss this other day. The driver we are focusing on today is a different one: ‘cyber’ starting to affect credit ratings!
Standard & Poor’s, Moody’s and Fitch Ratings have announced it, or they will do it promptly. No doubt, a real incentive for companies, avid of credit and investors, to truly start planning the need for the adoption of cyber protection frameworks that they should be accountable for before such rating agencies -and, of course, before their possible investors- in the sense of demonstrating the effectiveness of the cyber measures they keep into force.
Nonetheless, incidents, particularly the serious ones, will have consequences beyond credit rating, as veteran journalist Ted Koppel remind us in his last book “Lights out: A cyberattack. A nation unprepared. Surviving the aftermath”. Due to that, now more than ever, organizations must adopt cyber defense systems, that should be tested and validated. When such adoption, testing and validation are performed within an academic research, they will contribute double: by developing capabilities (cyber-talent training) and by building capacities (tested cyber-defense system). Though, in the current geo-political landscape and with current digital “weapons”’ double edge, there are people that have know -and are knowing- how to exploit such arsenal for purposes that are much less legitimate.
Deepen these and other topics in our weekly "Newsletter". Subscribe here and enjoy reading!