by Special Guest
Cyber Security – A Boardroom Challenge
Cyber security is a concern for all organisations, big and small. Some technology experts even go as far as to say that it is inevitable that at some point your business will suffer a data breach. The scale of that breach and your response to it will depend very much on your organisation’s leadership, as this guest post from Anu Khurmi, of cyber security company Templar Executives, explains.
Cyber Security – Leading From The Top
In recent years, headline-grabbing stories of companies targeted by Cyber-attacks and hit by major security data breaches have persuaded executives to shift from traditional thinking about risk, security and business continuity, and for many, Cyber Security has become the new white elephant in the Boardroom. Overnight, organisations such as TalkTalk, Ashley Madison, eBay, AOL, Target, Home Depot, Sony, Anthem and JPMorgan Chase became infamous for their inability to protect critical business information. With consequences that can include crippling financial fines, loss of intellectual property, business disruption and damage to reputation, the overriding message is a sure-fire reminder to all senior executives of why Cyber Security needs to be addressed as an intrinsic part of the Board agenda.
The pressure on Boards to be held to account for information breaches is relentless and will be further enforced by the introduction of tougher data protection and compliance regimes. The EU’s General Data Protection Regulation (GDPR) due in 2017 will see financial penalties rise to up to €20 million or 4% of an organisation’s global annual turnover - and the prospect of a criminal prosecution for the most serious of breaches. In the United States a new Bill, the Cybersecurity Disclosure Act of 2015, if passed, would require US publicly listed companies to disclose who on their Board has cybersecurity expertise.
The most effective way for Boards to address this challenge is to lead by example. Setting the right governance and tone for the security posture of the entire organisation is critical. This must go beyond just compliance or adoption of basic standards and needs to reflect the cyber maturity of the organisation through a holistic, risk-based, intelligence-led approach which encompasses people, processes and culture - as well as information technology.
There is no doubt that as the Cyber landscape continues to evolve, organisations will need to keep pace; future Threats are becoming increasingly sophisticated, with escalating focus on areas such as intellectual property theft, cyber extortion and business interruption. It is estimated that the average cost of the most severe security breaches for big business now starts at £1.46m. Cyber-crime alone costs the global economy approximately $445 billion a year.
Organisations that integrate Cyber Security into their enterprise-wide risk management strategy and view it as a Board-level responsibility are already ahead of the game when it comes to the future success of their business. Increasingly, Boards are turning to trusted, expert Cyber Security advisors for specialist knowledge and advice. By demystifying the Cyber agenda and discussing governance, risks and practical next steps, business leaders will understand the Threat landscape and be able to take proportionate measures to mitigate the risks to their most critical business information assets. By fostering a culture that protects, values and safeguards information, they will establish a sustainable capability that allows for the appropriate exploitation of data, the ‘crown jewels’ of every organisation, and enable business optimisation.
Is your Board leading by example and setting the right governance and tone for the whole organisation? We would be very interested to hear your views on this hot topic. If you would like to share your experience, please leave a comment below.
Templar Executives is an award-winning Cyber Security company trusted by Governments and multi-national organisations. Operating at the highest levels across the public and private sectors, Templar Executives has a world-class track record in helping clients develop a resilient and business-enabling Cyber Security capability. For more information visit www.templarexecs.com