Why Cyber Security Is a Board-Level Issue

By Granville Triumph

Corporate America now demands that work be done anytime, anywhere, as mobile devices, clouds and applications keep employees constantly connected to the company network. Employees demand to be able to stay connected using whatever device they choose.

More and more organizations are enabling the use of various devices to meet this demand and increase worker productivity and flexibility. Unfortunately, around-the-clock connectivity and a proliferation of new devices in the workplace also have cyber criminals salivating. New targets for their attacks are popping up every day, and IT departments are scrambling to keep up.

Symantec reports that targeted attacks rose 42 percent in 2012, while mobile malware jumped 58 percent. Increasingly sophisticated cyber attacks are now costing the American economy approximately $100 billion each year, according to the Center for Strategic and International Studies. The carnage left behind in the form of shattered reputations is even more costly.

Cyber security, an issue once confined to the IT department, has now made its way into the boardroom. More than a technological concern, cyber security impacts the short- and long-term wellbeing of the entire organization, making it a critical component of corporate business strategy.

Not only must company assets and data be protected, but regulators are demanding that sensitive customer information be strictly guarded. For example, the Payment Card Industry (PCI) Security Standards Council recently unveiled a new standard for companies that accept and process credit card payments to ensure that cardholder data is protected.

The entire premise of the new PCI ground rules is that payment security can’t be a box that is checked off once per year to satisfy compliance requirements. Security needs to become a part of everyday operations and the corporate culture. This kind of organizational shift in mentality regarding security begins at the board level – and it shouldn’t wait until regulators start to require it.

The board of directors needs to be fully aware of your organization’s security capabilities, policies, tools and procedures. This starts by making sure someone who understands cyber security is on the board. Budgets may need to be reevaluated to update hardware and software, train personnel or enlist the aid of a managed services provider that can monitor your network.

A scalable cyber security strategy should be put in place, along with a response plan in case of a security breach. Both need to be thoroughly tested and have the full endorsement of the company’s senior leadership, who should then communicate the role each employee plays in cyber security and offer ongoing education to ensure the entire organization is on the same page.
