Corporate Compliance Insights

Getting the Board on Board with Cybersecurity

by Thomas Kelly
September 6, 2018
in Cybersecurity, Data Privacy, Featured

Why GRC Must Engage the Board of Directors in Data Security

Organizations are still scrambling to comply with the GDPR. Tom Kelly, President and CEO of ID Experts, says the regulation has forced important conversations within organizations. Equally important is the board conversation on how to protect stakeholders’ interests. Tom writes on the role boards can play in paving the way for compliance with data standards.

2018 has without a doubt been one of the busiest years for GRC professionals. With the General Data Protection Regulation (GDPR) taking effect in May, governance, risk and compliance teams have struggled to make sense of a complex European data protection regulation whose violation can bring fines of up to €20 million or 4 percent of worldwide annual turnover, whichever is higher.

Such struggles are frustrating, and they are far from over. If anything, they show signs of ramping up in the years to come. According to a 2017 study from the Center for Cyber Safety and Education, we are looking at a worldwide shortage of 1.8 million cybersecurity workers by 2022. Failing to build effective data security practices will be costlier than ever, but finding the people to build them is only becoming harder.

This poses a massive challenge for GRC professionals. Cybersecurity and privacy are enormous risks for any company. News of a breach inevitably means bad press, angry customers and a falling stock price. Similarly, weak privacy policies, and poor communication of those policies to consumers, can lead to a massive backlash, as we saw with Facebook this past spring.

But unless there is strong communication between the IT department and the GRC department, vital information can get lost in translation, and you could be the one called in to explain why the organization was not compliant with data security regulations.

That is precisely why GRC professionals should not have to go it alone. No matter the size, scope or sector of your organization, it is wise to bring the board of directors into the oversight of data security. Whether they realize it or not, boards have a vested interest in cybersecurity and compliance, and oversight of material risk is part of their job. The more effectively you convey that role to them, the better prepared you will be when a breach happens.

First, make your case from the numbers. According to the Ponemon Institute, the average data breach in 2017 cost companies a whopping $3.5 million. Worse, they estimate that there’s a 27 percent likelihood that a U.S. company will undergo a breach costing between $1.1 million and $3.8 million in the next two years. And even if there is no technical security breach, failure to make your privacy policies clear could put you in a situation where, several years down the road, consumers are outraged to discover that you’ve been handing over their information to third-party entities all along. These are risks that a board of directors cannot afford to ignore.

Second, make your case from the timing. GDPR applies to the personal data of people in the European Union, not only EU citizens, and it reaches companies outside the EU that offer them goods or services or monitor their behavior. Comparable rules may soon cover U.S. data subjects as well: California's Consumer Privacy Act, signed in June 2018, takes effect in 2020, and recent reports say the president has examined the possibility of a U.S. version of GDPR. The sooner GRC professionals and the board of directors begin to develop privacy systems and policies that protect U.S. data subjects, the less likely it is that your company will be found noncompliant later on.

Third, make your case from the ethics. As politics grow increasingly dysfunctional and partisan, Americans are looking to businesses to direct the country through ethical leadership. According to the 2018 Edelman Trust Barometer, nearly two-thirds of Americans say that “CEOs should take the lead on change, rather than waiting for the government to impose it.” By acting to protect your clients’ data ahead of time, you can demonstrate the kind of leadership that our nation desperately needs.

Once you have the board on board, there are several things you can and should do to mitigate data-related risks. First, and most importantly, offer your expertise on which of your company's assets are most sensitive and most exposed. This varies from industry to industry: the inventory will include basic employee and client information such as payment card numbers and login credentials (passwords should exist only as salted hashes, never in a form the company could hand over or lose), but it will also likely include data specific to your business, such as algorithms, business plans or intellectual property.

It is also a good idea to review the privacy policy you have in place for your data subjects. Do they know what information you have? Do they know what you use it for? Do they know how long you will keep it, and who you share it with? Can employees answer these questions? Can the board?

If the answer to any of these questions is "no," it is worth taking the extra step to explain it clearly to your clients. It will not come as a surprise to them, since most people have had their inboxes flooded with GDPR-related notices by now, and it can head off frustration or confusion later.

Other possibilities include making the case for adding a data-security expert to the board, so the group has an accurate sense of the risks and opportunities of data security, and partnering with the IT department to host a cybersecurity tutorial for the board or for employees.

Whatever you ultimately decide, however, be sure to act quickly and decisively. Data breaches can compromise an organization’s reputation and brand overnight. By bringing this risk to the board’s attention and pushing for compliance, you’ll prepare your company to navigate the challenges of data security in the coming decades.


Tags: Board of Directors, GDPR
Thomas Kelly

Thomas F. Kelly is a Silicon Valley serial entrepreneur and expert in cybersecurity technologies. He is president and CEO of ID Experts in Portland, Oregon.

© 2022 Corporate Compliance Insights
