Privacy, Security & Cybercrime: New Governance Issues
Privacy, security, and cybercrime are enterprise issues that now require active oversight by boards and senior executives. Cyber attacks are increasingly sophisticated, and the wide scope of these risks can no longer be managed solely by IT staff. Companies today face:
- A much higher risk of theft or misuse of corporate data
- Increased fines and investigations by regulatory bodies
- Heightened financial and reputational risks
Global Cyber Risk LLC (GCR) provides specialized services to boards and executives to meet these needs. We offer a comprehensive set of services that enables officers and directors to manage the digital risks that threaten their organization’s reputation and operational and financial goals.
What is needed: A trusted, independent advisor who will interface with IT staff and help the board manage cyber risks through effective governance.
Protecting Digital Assets is a Fiduciary Duty
Directors and officers have a fiduciary duty to protect corporate assets and meet legal requirements for privacy and security. Since an estimated 90% of company assets today are digital, this duty clearly extends to the protection of networks, software applications, and data. Cyber risks are now on equal footing with all other corporate risks that must be managed from the top.
Cyber Risks Undercut Profitability and Competitiveness
Privacy and security are competitive issues. Companies that set the tone of a “trusted workplace” with their employees and convey the message of a “trusted business” to the marketplace will have an advantage over those that are less proactive. Bottom lines and market position are enhanced through:
- Reduction of liabilities and losses associated with compliance costs and security incidents
- Reductions in business interruptions and operational downtime
- Prevention or deterrence of cybercrime, including the insider threat
- Detection of the theft of confidential data and intellectual property
Boards Need Assistance in Implementing Best Practices for IT Governance
There are a number of best practices for IT governance, but surveys in 2008, 2010, 2012, and 2015 conducted by Carnegie Mellon CyLab and GCR CEO Jody Westby consistently indicated that boards and executives are only occasionally or rarely involved in the governance practices that help protect organizations against avoidable losses flowing from cyber incidents. A recent Ponemon Institute study found that brand and reputation can decline 17-31% after a breach, and it may take an organization more than a year to recover its corporate image. The cost of preventing cyber attacks is nothing compared to the cost of rebuilding a brand or losing valuable intellectual property, customer data, and supplier / pricing information.
Boards Need a Trusted Advisor
Today, boards and senior management need an independent, trusted advisor to provide unbiased advice and help them make effective cyber risk management decisions. It is important that full and complete information on threats and incidents be provided to directors and officers so they can ensure that their organizations’ systems and data are protected and responses to breaches and security events are appropriate. It takes a specialist to recast complicated technical and IT data into risk terms appropriate for director and officer decision-making. An independent advisor who works with researchers, law enforcement, and the business community and is on the cutting edge of threats and technologies provides a valuable perspective that complements internal information.
GCR provides a comprehensive set of services that enables boards and executives to manage the digital risks that threaten their organization’s reputation and operational and financial goals.