Wednesday, 1 July 2015

Cybersecurity Policies Need to Be Centralized: Board Member

SAN FRANCISCO– Companies need to centralize cybersecurity policy and not leave it up to business groups in various countries, said Richard Goodman, board director and chair of the audit committee at several Fortune 500 companies.

The breaches at Target Corp.TGT -0.56% and Sony Pictures Entertainment have raised awareness of cybersecurity in general by boards. One consequence is  that boards now are calling for clear and consistent cybersecurity policies, said Mr. Goodman, who is on the boards of Johnson Controls Inc.JCI -0.64%, Kindred Healthcare Inc.KND -1.31%, Western Union Co.WU -0.15% and Toys “R” Us Inc.

“You can’t give people in the field decision-making authority about whether you decide to do something or not on cybersecurity,” he said.

Those central polices may create tensions with business units in various countries but it’s important to mitigate risk, he said. Just as global corporations have moved to centralized accounting policies, cybersecurity needs to be approached in the same way, he said, speaking to CIO Journal at A.T. Kearney’s annual CEO retreat in San Francisco, Monday.

All of Mr. Goodman’s audit committees are looking at cybersecurity at every meeting or every other meeting.

“Everybody realizes this is a big deal,” he said. The biggest challenge, though, is trying to figure out what the industry benchmarks should be for cybersecurity, he said. “The goal posts are going to move,” he said, adding that frequent changes in the industry have led to lots of meetings.

The U.S. Securities and Exchange Commission last June called on corporate boards to make sure they’re taking the necessary steps to address and oversee their companies’ cybersecurity risks. “There may be a gap that exists between the magnitude of the exposure presented by cyber-risks and the steps, or lack thereof, that many corporate boards have taken to address these risks,” Securities and Exchange Commissioner Luis Aguilar told directors at a June 2014 cybersecurity conference at the New York Stock Exchange.

View the original content and more from this author here: http://ift.tt/1C6zKur



from cyber security caucus http://ift.tt/1NvnBzZ
via IFTTT

No comments:

Post a Comment