Why Boards must consider cyber security as part of corporate governance.
For many years now, Information Security, including Cyber Security, has been left to the IT Department. However, even if your IT people are doing a stellar job, here are five reasons for Directors to bring Cyber Security into the Boardroom.
Pending SEC Legislation
Bill S.536, the Cybersecurity Disclosure Act 2017, is currently pending in the US Congress. This bill is intended to introduce transparency for companies managing and dealing with Cyber Security. In particular, if passed as is, it will require organizations to report to the SEC on the level of the Board’s cybersecurity expertise.
Risk of Incarceration (ROI)
In this case, ROI stands for Risk of Incarceration. In some states and provinces, failure to carry out due diligence to ensure the smooth and continued operation of your company may result in a sentence for company executives if they are convicted. In some cases, executives have been sentenced to time in jail.
Director Liability Costs
Each year, companies are losing almost $400 billion dealing with and recovering from data breaches and other security events. When it comes down to it, the C-Level people are responsible for any damage done to the organization or its clients. If an incident occurs, your clients and shareholders are not going to be calling out the IT Department – they will be coming directly to you to ask serious questions.
IT Risk is Business Risk
In all likelihood, your business needs information technology to operate. It could be sales, financials, payroll or even just creating documents, but the chances are you need IT to make your business run. This means that any IT risk is really a business risk: if the risk turns into an incident, your business could be adversely affected.
Ransomware is prevalent at the moment, and the number of incidents and attacks is expected to increase in the near future. Do you know how well equipped your IT team is to deal with a Ransomware incident, and do you know how it could affect your business? A number of small businesses have chosen to ‘pack up shop’ and close down, rather than paying the ransom. Even if you are a larger organization, can you manage the disruption and downtime a Ransomware incident can cause?
If you would like to know more about how IT Risk can affect your organization’s business operations, give us a call to discuss how to improve the security posture of your business.