Cybersecurity and the Board Room
Our connected business world means there are thousands of entry points in and out of companies. The exploding number of access points means we now have thousands of potential openings into our companies. What has been traditionally seen as a simple component of an organization’s infrastructure, throwing a firewall and antivirus solution down as an adequate cyber strategy, has evolved into something that can keep one awake at night. The scary truth is that network security does not work as well as we thought.
As cybersecurity has emerged as the number one priority today, it is becoming a front business issue and a board room issue. After a series of high profile data breaches and warnings, corporate boards find themselves dealing with cyber threats and security issues. Not long ago, cybersecurity was a term rarely, if ever, heard in the boardroom. Rather, information security was deemed to be a risk managed solely by the chief information or technology officer or the IT department. Those days are gone. With the long list of high profile cybersecurity hacks and the after effects that include drop in shareholder value, decline in sales, brand and customer erosion, regulatory inquiries and litigations, cybersecurity has become an increasingly challenging risk that boards must address.
According to The Wall Street Journal, in 2014, 1,517 companies traded on the New York Stock Exchange or Nasdaq Stock Market listed some version of the words cybersecurity, hacking, hackers, cyberattacks or data breach as a business risk in securities filings. That is up from 1,288 in all of 2013 and 879 in 2012.
Board Governance when it comes to cybersecurity is indeed a subject that is complicated and requires a deep understanding of the situation, careful consideration of the risks and implications, and decision making as to how to proceed. A recent report sums up the situation, “it has long been recognized that directors and officers have a fiduciary duty to protect the assets of their organizations. Today, this duty extends to digital assets, and has been expanded by laws and regulations that impose specific privacy and cyber security obligations on companies”.
Here are two reference documents that provide a collection of information that may be of interest to those responsible for or researching the subject of Cybersecurity and Governance within the context of a Board of Directors.
Today’s reality is this, no matter what business you are in, no matter where in the world you are everything on a network is at risk. One thing we can be sure of is that cyber threats aren't going to go away. There is a pressing need for proactive cybersecurity vigilance and it is all of our responsibility to take an active role.