Corporate board audit committees will take a greater interest in cybersecurity risks and the organization’s plans for addressing them.
With more and more data breaches – from theft of trade secrets to loss of customer information – in the headlines, corporate audit committees are beginning to focus on the connection between cybersecurity and an organization’s financial well-being. As such, they will expand their attention beyond the financial audit process to the organization’s strategic plans for protecting non-public information and risk mitigation plans for responding to a possible breach. CIOs and IT leadership should prepare accordingly.
“Organizations recognize that it’s their duty to protect against the loss of information and its associated risks,” said Brill. “As corporate boards carry out their fiduciary responsibilities, they must also protect the company from possible shareholder lawsuits that allege the company's cybersecurity wasn't at a level that could be reasonably viewed to be ‘commercially reasonable’ and that incident response plans weren't in place to mitigate the risk. The challenge they face is determining what is a reasonable level of security and response, and who should make that call – is it their IT team, an industry expert, an independent third party?”
Kroll, a global leader in risk mitigation and response solutions, recently released its third annual Cyber Security Forecast, a prediction of the most significant cyber issues organizations will confront in 2014. The latest forecast highlights seven trends identified by Kroll and suggests that a changing tide in cyber standards, both social and legal, will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks.