A conversation with risk management and internal audit expert Norman Marks
Interview by Joseph McCafferty
January 3, 2017
The consequences of a cyber-attack—including a hit to reputation, lost customers, diminished credibility, and the cost of repairing the damage, just to name a few—are such that companies will do everything they can to defend against them. That is, of course, everything within reason and considering they have limited resources to spend on cybersecurity.
So where do you draw the line? Risk expert, Norman Marks, who has served as chief audit executive at several large companies, says thinking about how to answer that questions can provide new insights into the difficulty of managing the vast threat of cyber-attacks and data breaches. He says companies tend to be reactive, throwing money at every weakness they find, rather than considering the bigger picture and spending limited resources where they will do the most good.