Board Members Worry about Cyber Security Issues
What are corporate boards of directors worrying about? A recent study by NYSE (New York Stock Exchange) Governance Services and Veracode (a cloud-based application security company) identified key cyber security concerns of boards. Only one third of board members surveyed are confident that their companies are properly secured from cyber-attacks.
What Boards are Most Concerned About
When asked what the biggest concern about a cyber intrusion is, the survey respondents stated:
• Brand damage (41%)
• Data breach costs (23%)
• Theft of intellectual property (23%)
Additionally, 70% expressed concern about the risks of third party software in their companies’ supply chain.
What a Board Wants to Hear
The survey learned that 81% of the board members responding said cyber security is discussed at most board meetings. The cyber security topics they are most interested in learning about in meetings include:
• High level security strategy descriptions (33%)
• Risk metrics (31%)
• Peer comparisons (11%)
• Security technologies descriptions (11%)
Accountability has Expanded
Formerly the perception was that only a senior IT person such as Chief Technology Officer or Chief Information Security Officer would be held accountability after a significant cyber intrusion. Many boards now state that they will hold the Chief Executive Officer accountable as well. They are viewing a cyber intrusion as a business risk, not just a technology issue.
The respondents feel that the Chief Information Security Officer top qualities are:
• Technical skills
• Business acumen
• Communications skills
• Ability to take risks
• Crisis communications
A super technologist is not enough without other skills, in many of today’s companies.
Include Your Board
Corporations of all sizes have the opportunity to educate and inform their board members about cyber risks specific to their business and the related measures in place. They can ask for funding based on the strategies to address the risks and provide strong metrics to support their cyber measures. Making the board a part of the company’s cyber defense is good business.
Please join us on Twitter.