Corporate Boards Can’t Underestimate Role in Cybersecurity Oversight, FTC Warns

Five common-sense recommendations for boards of directors to follow to reinforce the security of their organizations, people, and assets.

Just before the pandemic, the National Association of Corporate Directors (NACD) surveyed more than 500 public-company directors and found that 61% would be willing to compromise on cybersecurity to achieve business objectives. Despite this concerning lack of cybersecurity prioritization, Gartner’s Board of Directors Survey from last year revealed that cybersecurity-related risk is rated as the second-highest source of risk for the enterprise. In a separate 2021 global study, Protiviti and NC State University’s ERM Initiative found that managing cyber threats was a major concern for executives, who focus on how such events might interrupt core operations. Clearly, business leaders recognize the importance of a strong cybersecurity posture, but too many fail to adhere to cyber hygiene best practices, and this disconnect can cost organizations millions of dollars in losses.

The bottom line is that the boardroom needs to view cybersecurity as foundational to almost everything an organization does. There is reason to be optimistic about the board’s role in a cybersecurity program. Earlier this year, Gartner predicted that by 2025, “40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today.” Further, the Federal Trade Commission (FTC) recently highlighted the importance of corporate boards doing what they can to ensure that consumer and employee data is protected. The FTC made five common-sense recommendations for boards of directors to follow:

  • Make Data Security a Priority. As the FTC notes, there’s no one-size-fits-all formula, but strategies include building a team of stakeholders from across your organization; establishing board-level oversight; and holding regular security briefings to keep the board informed, engaged, and updated.
  • Understand the Cybersecurity Risks and Challenges Your Company Faces. A strong cybersecurity program starts at the top, from setting priorities to allocating the resources necessary to ensure effective security.
  • Don’t Confuse Legal Compliance with Security. Meeting compliance obligations and requirements, a “check the box” approach, doesn’t necessarily translate into good security. Boards should ensure that their security programs are tailored to their companies’ unique and evolving needs, priorities, technology, and data.
  • It’s More Than Just Prevention. Recent breaches have demonstrated the importance of both a strong data security program and a robust incident response plan. Use your peacetime to prepare; when an incident occurs, time is of the essence.
  • Learn From Mistakes. In the wake of a cyber event, take the opportunity to conduct a post-mortem, learn from the incident, and improve your program.

At Constella Intelligence, we understand that executives and other high-profile individuals lead high-risk, mobile lives, increasing their exposure to cyber risk. Whether it’s an online impersonation, leaked credentials, or confidential information exposed, cybersecurity vulnerabilities can lead to severe reputational, financial, and legal damage. Constella Executive Protection helps organizations quickly identify and remediate emerging digital threats targeting their people and their brand. Visit us to learn how Constella helps executives and high-profile individuals.

© 2021 Constella Intelligence. All rights reserved.