Why Is Your Board of Directors Finally Asking About Cyber Risks?

Demisto Blog
The Incident Response Wall
Oct 19, 2015

Here is a great article about how awareness of cyber risk is increasing at the board level. The biggest reason is the SEC's recent focus on enforcing cyber security standards. This can help the industry a lot, similar to how the Payment Card Industry Security Standards enabled a better security posture within the retail segment.

Some key quotes from the article above:

Indeed, according to one survey, U.S. companies experienced a 42% increase between 2011 and 2012 in the number of successful cyber-attacks they experienced per week.

According to one 2013 survey, the average annualized cost of cyber-crime to a sample of U.S. companies was $11.6 million per year, representing a 78% increase since 2009.

When considering the board’s role in addressing cybersecurity issues, it is useful to keep in mind the broad duties that the board owes to the corporation and, more specifically, the board’s role in corporate governance and overseeing risk management.

At a minimum, boards should have a clear understanding of who at the company has primary responsibility for cybersecurity risk oversight and for ensuring the adequacy of the company’s cyber-risk management practices. In addition, as the evidence shows, devoting full-time personnel to cybersecurity issues may help prevent and mitigate the effects of cyber-attacks.

This is clearly a big step in the right direction for establishing responsibilities across the organization, and it helps put in place the infrastructure to protect against and respond to cyber threats.
