Corporate Compliance Insights

What Every Board Member Should Know About Cybersecurity

by Ron Warren
December 15, 2014
in Risk

Is your company prepared for a cyber attack? This is a question that every director should be asking, and management should be providing regular updates to the Board on its level of preparedness. Cyber attacks are running rampant, and no company is exempt from an attack. If your company thinks so, then brace yourselves for a rude awakening.

Cyber attacks can cause serious damage to a company’s reputation, to say nothing of the financial impact that accompanies such an event. According to the National Association of Corporate Directors, if companies and governments are unable to effectively combat cyber threats, between $9 and $21 trillion of global economic value creation could be at risk.

Due to the growing volume and sophistication of cyber attacks, cybersecurity is an issue that every Board should be actively grappling with in order to mitigate the pitfalls associated with a breach. For companies and Boards, it is not the time or place for complacency when it comes to cybersecurity. Just because a company is small doesn’t mean that it is insulated against an attack.

In fact, hackers are nondiscriminatory, targeting large and small businesses alike. In a 2013 study conducted by Verizon’s RISK Team, 92 percent of cyber attacks by volume were perpetrated by people outside of the organization, whereas only 14 percent were conducted by insiders.

Outside Cyber Attack Perpetrators:

  • Organized crime – 55 percent
  • State-affiliated actors – 21 percent
  • Activists – 2 percent
  • Former employees – 1 percent

One of the greatest security threats facing businesses today is phishing. Seemingly innocent and trustworthy email messages masquerading as legitimate communications are causing employees at all levels of an organization to fall prey to phishing schemes. Why? Because they are relatively easy to execute and usually work. Top executives are not exempt either and are usually targets of more sophisticated and complex phishing scams.

Addressing cybersecurity should be a top priority for Boards and senior management. Companies would be well advised to solicit advice from both internal and external advisors. Internal advisors should be multi-departmental and include communications, legal, IT and risk management. Boards need to consider appointing a member well-versed in cybersecurity whose focus should be on understanding and developing strategies to manage cybersecurity risks and vulnerabilities.

Some companies have created a separate risk committee, while others utilize the audit committee to oversee this extremely important issue. The question remains as to whether risk oversight should be a function of the entire Board or handled in committee.

Before implementing an enterprise-wide cybersecurity plan, companies should do their homework and do the following:

  • Conduct appropriate due diligence on any company they do business with,
  • Develop a comprehensive cybersecurity policy for both the company and third-party providers,
  • Develop an incident response plan,
  • Develop a business continuity plan,
  • Periodically review insurance policies to determine if the company is adequately protected,
  • Conduct cybersecurity training programs for all employees,
  • Conduct regular audits of cybersecurity effectiveness, and
  • Develop or update the crisis communications plan.

Currently, SEC regulations require that public companies assess and disclose any significant security risks. In the event of a breach, many state and federal laws also require companies to disclose the nature and scope of the breach to investors and affected individuals. This means that companies may face legal risks, as well as regulatory liabilities.

Cybersecurity needs to be a main topic on every Board’s agenda, and senior management should review its status and risk assessment at each meeting. In today’s society, it is not the time for management and the Board to put their heads in the sand and hope nothing happens. This issue deserves regular and ongoing discussions at the Board and senior management level. Only then can a healthy respect for cybersecurity be cultivated throughout the company.

Resources:

http://www.nacdonline.org/cyber
http://www.verizonenterprise.com/DBIR/
http://www.pwc.com/us/en/corporate-governance/publications/directors-and-it/risk.jhtml
http://blogs.law.harvard.edu/corpgov/2014/11/05/the-risky-business-of-cybersecurity/
https://forms.thawte.com/websurveys/servlet/ActionMultiplexer?Action_ID=ACT2000&WSD_mode=3&WSD_surveyInfoID=2351&toc=GLLSX-2351-04-26&brand=04&country=26&cid=A9CC4D30A054B9A0
https://na.theiia.org/special-promotion/PublicDocuments/GRC-Cybersecurity-Research-Report.pdf
http://www.blankrome.com/index.cfm?contentID=37&itemID=3309
http://www.blankrome.com/index.cfm?contentID=37&itemID=3146
http://www.citadeldirectorsinstitute.com/wp-content/uploads/board-oversight-cybersecurity-risks.pdf
http://www.theiia.org/bookstore/product/cyber-security-what-the-board-of-directors-needs-to-ask-download-pdf-1852.cfm
http://www.networkworld.com/article/2458975/security0/homeland-security-wants-corporate-board-of-directors-more-involved-in-cyber-security.html
http://www.smithlaw.com/newsletter-74.html


Ron Warren

Ron Warren is a senior communications professional with over 20 years of diversified experience in all forms of communications including investor relations, corporate communications, public relations, HR communications, marketing communications, advertising, writing, editing, project management, change management, and strategic planning. He is experienced in large, well-established and start-up publicly held companies with multicultural audiences. His skill set includes excellent day-to-day, hands-on communications experience and operations management with an emphasis on creating operating efficiencies to impact company bottom-line success. Warren is a creative self-starter, team player and problem solver who works well under pressure and has proven project management and writing skills to meet any communications challenge. Warren possesses a wide range of experience including strategy development, online content, publications, print production, interactive projects, executive speechwriting and executive presentations. Warren is a dedicated, highly accomplished communications professional with a strong background in strategic planning. He is recognized for providing creative, innovative, and enthusiastic leadership in a team environment. Warren is currently a Senior Advisor with Labrador Regulated Information Transparency.
