It’s time for board executives to take threats seriously, batten down the hatches and protect their organisations, employees and customers.
While new technologies such as automation, artificial intelligence and machine learning are helping propel businesses forward, they’re also opening up organisations to growing security risks.
Huge advances are being made in genomics and manufacturing technologies, with machines closing in on human abilities with astonishing speed. Yet cybercrime represents the dark side of digitisation, and is masterminded by increasingly sophisticated individuals. We’re now facing the most significant cybersecurity threat to date.
Last month, the WannaCry ransomware attack affected thousands of businesses worldwide and new types of attack are emerging all the time. It’s therefore more important than ever before for board executives to take these threats seriously and batten down the hatches to protect their organisations, employees and customers.
Why board executives’ responsibilities must evolve
Digital warfare is intensifying, and cyber criminals are becoming ever more sophisticated and creative in their approach to attack. In response, the role of the board has moved from being 90% focused on fiduciary responsibility to 75% focused on strategy and risk management. Of all the risks that the board oversees, cyber security has emerged as a central theme across all large and mid-sized corporations, with businesses expected to spend $101.6bn on cyber security software, services and hardware by 2020, according to IDC. The board should no longer focus solely on mitigation strategies but also ensure that processes are in place to cover liability.
On top of IP and data loss, the board must look at how it can prevent reputational damage to its brand. We’ve seen a number of examples in the press recently where businesses have been left red-faced due to security scandals – from Barclays’ CEO falling victim to an email prankster to Yahoo’s acquisition price being slashed after suffering several data breaches. Reputation is one of the most valuable and fragile assets of an organisation. According to the World Economic Forum, more than 25% of a company’s market value can be attributed to its reputation, which demonstrates the importance of getting this right. A good reputation built through years of dedicated effort can be destroyed almost overnight, especially in today’s world where an organisation’s customers, operations, supply chains and internal and external stakeholders are scattered globally and connected via technology.
New technologies significantly increase an organisation’s exposure to cyber theft
As the threat of cybercrime intensifies, it’s not a case of ‘if’ but ‘when’ hackers will strike each and every business. Exploit kits are increasingly being sold on the dark web and paid for with bitcoins, making it easier for anyone with an agenda to buy low-cost tools and remain relatively unnoticed.
This means that the window for responding is narrowing and organisations have to demonstrate that they have taken control of a breach very quickly if they are to protect their data and reputation. That said, board executives should take care over exactly how the breach is communicated to their customers, stakeholders and the media – TalkTalk’s CEO, Dido Harding, was heavily criticised for her handling of a major hack attack in 2015.
What board executives must do in response
Today, just 7% of organisations claim to have a robust incident response programme in place and nearly half of UK businesses have no cyber security plan whatsoever. To address this, the emphasis for boards must now be on making sure that critical security infrastructure is in place, enhancing crisis response and adopting strategies that emphasise a good balance of preventative and responsive tactics.
Technology is blurring the lines between industries and people are spending more time connected to the internet than any other medium of communication, providing increasing opportunities for attackers. While understanding the future impact of technologies should be the responsibility of the business’s managers, it is the board executives’ responsibility to ask management for their perspective on how the organisation is handling the strategic risks related to digital disruption today.
Some organisations are creating new technology forums, building the expertise of corporate directors and strengthening IT governance. This is all with the aim of empowering boards to guide managers by asking the right questions about technology and its impact, and pushing cyber security issues to the top of the agenda.
Technology is advancing at an astonishing pace, with developments in robotics and cognitive technologies pushing the boundaries of what’s possible. While I am very optimistic about our connected future, C-level executives need to ensure they’re asking all the right questions to deal with the risks arising from the digital era and ensure they don’t fall victim to the next cyber-attack.