SEI Sphere: How Cyber Risk Is Business RiskDirector of Cybersecurity Mike Lefebvre on Approaching Cyber as a 'Cyber Fiduciary'
Cybersecurity incidents can have high-profile impacts on the business - from schools to hospitals. But many incidents that disrupt businesses don't make front-page news, said Mike Lefebvre, director of cybersecurity at SEI Sphere.
"A disrupted business is not making money. That's what we mean when we say cyber risk is business risk because we are being impacted by someone on the other end of the keyboard," he said.
Lefebvre said cybersecurity firms need to act more like financial institutions - as a fiduciary with their clients' best interest at heart - and defenders need to take a forward-looking approach. "We look at key performance indicators, but it's still retroactively looking at what's happened in cyberspace. We need to start thinking about how we can look at leading indicators to make cyberspace more like chess, as opposed to whack-a-mole."
In this video interview with Information Security Media Group at RSA Conference 2023, Lefebvre discusses:
- Advancing cyber risk oversight and management through lessons from the financial industry;
- How cyber professionals can get ahead of the regulatory environment, which is focused on risk and reputation;
- SEI Sphere's role as an MSSP inspired by the financial industry and the fiduciary duty of care.
Lefebvre previously held roles at Deloitte, Accenture and the U.S. Department of Defense. He has more than 13 years of experience across incident response, threat intelligence, operations and cybersecurity research.