Boards Had Better Start Paying Attention to Cybersecurity

Yesterday Forbes featured an excellent article explaining why it is important for companies to create Board-level committees focused exclusively on cybersecurity. Here is just a teaser, but I encourage you to read the entire article.

Step one for every board is to understand that it is supposed to be offering oversight on these risks as part of its fiduciary duty. The board needs to assure there are internal controls in place to protect the corporation’s cyber assets. The stakes are high. A study found that up to $21 trillion in global assets could be at risk from cybercrime. What is needed is a solid board structure for monitoring and managing cyber risk in the company. To begin, I recommend a series of committee briefings so “cyber security” is demystified and better understood. However, given the complexity and dangers involved, I think the time has come for boards to create a dedicated cybersecurity technology committee.

Read more: Why It’s Time For A Board-Level Cybersecurity Committee

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.

3 Comments

  1. Hey Shawn, the author makes some good points in the article, but what she misses is the fact that most CEOs, and the C-suite for that matter, are still seeing cyber security as an IT issue. Boards are beginning to show concern but rely on management for a plan. Management is looking to IT, who is, in too many cases, claiming the network is secure, sometimes out of arrogance, other times out of ignorance and lack of expertise in the security area, and that up-time is great. Unfortunately, for many companies the cyber security conversation gets pushed to IT and dies. What managers need to understand is that it is not a cyber security issue, it is a risk management issue. Leadership better begin to identify and address the risk, and then bring the board into the discussion.

    Dave

    1. David, thank you very much for sharing your insights – I agree 100% that it is time for everyone to realize this is no longer an IT issue (if it ever really was) and is now, perhaps, the biggest general business issue companies face because its impact transcends all aspects of the business environment. As you pointed out, the biggest challenge is often getting past the IT gatekeeper, to whom, quite naturally, company leadership looks and asks “do we have an issue?” and the response is far too often “nah, we’ve got it covered” … until it hits the fan!
