#CyberFLASH: Why boards should be paying close attention to cyber security

hackerIt wasn’t too long ago that cyber security wasn’t even on the radar of most senior executives and boards of directors. The security team sat somewhere deep within in the IT organization and as they worked diligently to secure firewalls and block viruses, they didn’t get much face time with the company’s most senior leadership.

Today however, we’re seeing an increasing amount of interest in security from boards and it’s becoming a must-have item on the agenda of every board meeting.

So what’s changed?

The infamous Target breach back in December 2013 and other recent highly publicized breaches to major brands like Home Depot and Sony have played a big part. Not only have they elevated the public’s awareness of security breaches and their impacts, they have also shined a spotlight on how senior executives can be personally liable to their shareholders – both with their careers and potentially even their personal finances.

Breaches like Target’s can cost CEOs and CIOs their jobs, but board members can be at risk too. Shortly after the breach, a report by consulting firm Institutional Shareholder Services (ISS), which works on behalf of institutional shareholders regarding corporate governance, went so far as to suggest that Target should also replace 7 of the 10 members of its board of directors.

ISS noted that Target “provides little disclosure of the risk assessment process conducted by the committees or the board that would assure shareholders of a robust risk identification and oversight program. What may be of concern to shareholders is the failure of these committees, and possibly by extension the full board, to recognize the potential threat faced by the company.”[1]

Cyber security breaches can have a massive impact to the bottom line of an organization as well as its stock price. Although board members may not be expected to be security experts, it is their fiduciary responsibility to understand the all of the risks to their organization and what measures are in place to protect it.

Read more here

 

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.