Tuesday, 3 May 2016

On Cyber Security, Non-Executive Directors Had Better Speak Up

PANAMA CITY  – The cyber threat posed to corporations needs little explanation these days. The potential impact of an attack is so great as to threaten the very existence of some businesses and to cause severe losses to others. Had Sony or Saudi Aramco been retailers with average cash reserves, the loss of their entire networks as the result of attacks might have proven existential given the length and depth of their cyber crises. The data losses suffered by Target TGT -0.12%, TJX Companies and Heartland were significant enough, but to add insult to injury, the remaining directors of these companies and others are now subject to shareholder derivative and securities lawsuits—This despite being victims of a crime. For most corporations, it is generally understood that this is no longer an exotic risk buried in the detail of risk register to be left to the IT Department. Rather it is a very significant challenge of direct concern to the board.

And yet managing this problem, which adds nothing to the top line, looms as a major and difficult to estimate new cost of doing business. Hardly the stuff that traditionally makes an ambitious CEO salivate. Indeed many “baby boomer” CEOs privately concede that they find the whole matter at best complex and at worse incomprehensible.  And with PWC estimating in 2015 that US corporations are facing annually around 43 million attacks – yes, some 117,800 a day – this issue can seem bewildering. Indeed such statistics can be unhelpful in that they can paralyze boards into anxiety-induced inaction. As one CEO commented “the problem is so massive, where do we start?” A 2015 study by the National Association of Corporate Directors found that only 11% of respondents believed that their boards possessed a high-level understanding of the risks associated with cyber security. For the full article click here



from cyber security caucus http://ift.tt/1pYd8qa
via IFTTT

No comments:

Post a Comment