Just before the pandemic, the National Association of Corporate Directors (NACD) surveyed more than 500 public-company directors and found that 61% would be willing to compromise on cybersecurity to achieve business objectives. Despite this concerning lack of cybersecurity prioritization, Gartner’s Board of Directors Survey from last year revealed that cybersecurity-related risk is rated as the second-highest source of risk for the enterprise. In a separate 2021 global study, Protiviti and NC State University’s ERM Initiative found that managing cyber threats was a major concern to executives as they focus on how such events might interrupt core operations. Clearly, business leaders recognize the importance of a strong cybersecurity posture, but too many fail to adhere to cyber hygiene best practices – and this disconnect could cost organizations millions of dollars in losses.
The bottom line is that the boardroom needs to view cybersecurity as foundational to almost everything an organization does. There is reason to be sanguine about the board’s role in a cybersecurity program. Earlier this year, Gartner predicted that by 2025, “40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today.” Further, the Federal Trade Commission (FTC) recently highlighted the importance for corporate boards to do what they can to ensure that consumer and employee data is protected. The FTC went on to make five common-sense recommendations for boards of directors to follow:
- Make Data Security a Priority. As the FTC notes, there’s no one-size-fits-all formula, but strategies include building a team of stakeholders from across your organization; establishing board-level oversight; and holding regular security briefings to keep the board informed, engaged, and updated.
- Understand the Cybersecurity Risks and Challenges Your Company Faces. A strong cybersecurity program starts at the top, from setting priorities to allocating the resources necessary to ensure effective security.
- Don’t Confuse Legal Compliance with Security. Meeting compliance obligations and requirements — a “check the box” approach — doesn’t necessarily translate into good security. Boards should ensure that their security programs are tailored to their companies’ unique and evolving needs, priorities, technology, and data.
- It’s More Than Just Prevention. Recent breaches have demonstrated the importance of both a strong data security program and a robust incident response plan. Use your peacetime to prepare — time is of the essence.
- Learn From Mistakes. In the wake of a cyber event, take the opportunity to conduct a post-mortem — learn from the incident and improve your program.
At Constella Intelligence, we understand that executives and other high-profile individuals lead high-risk, mobile lives — increasing vulnerability to cyber risk. Whether it’s an online impersonation, leaked credentials, or confidential information exposed, cybersecurity vulnerabilities can lead to severe reputational, financial, and legal damage. Constella Executive Protection helps organizations quickly identify and remediate emerging digital threats targeting your people and your brand. Visit us here to learn how Constella helps executives and high-profile individuals.