When the outbreak of the pandemic moved school, business and socializing online in 2020, the platform Zoom, whose user base increased 20-fold in three months, saw a large increase in cyberattacks and data breaches. This phenomenon was, and is, not contained to Zoom; any companies experiencing rapid growth, or increased attention, are also at greater risk for cyber attacks. That partly explains why there was a sharp increase in attacks on the healthcare sector, which obviously became more prominent during the pandemic; and why attackers used ransomware against fitness brand Garmin, which had seen several successive years of business growth. From acquiring a new company to hiring more employees to entering new markets and verticals, all of these expand the attack surface; any change in situation — or planned change in situation — requires a new quantification of cyber risk.
Cybersecurity being a cornerstone of growth also means that the CISO should be participating, along with other executives, in any discussions involving growth. Whether a company is growing from within, by hiring more employees or making acquisitions; or from the outside by expanding its markets and customers, the CISO and cybersecurity need to be at the heart of the discussion, along with the traditional C-suite executives and traditional risks, including competition, regulatory concerns, and the level of consumer demand.
