Ten Cybersecurity Concerns for Every Board of Directors by John Reed Stark and David R. Fontaine*

02/05/2015 23:11

Every board now knows its company will fall victim to a cyber-attack, and even worse, that the board will need to clean up the mess and superintend the fallout.

Yet cyber-attacks can be extraordinarily complicated and, once identified, demand a host of costly responses. These include digital forensic preservation and investigation, notification of a broad range of third parties and other constituencies,[1] fulfillment of state and federal compliance obligations, potential litigation, engagement with law enforcement, the provision of credit monitoring, crisis management, a communications plan – and the list goes on.

 

Beyond this more predictable workflow, a company is also exposed to other, even more intangible costs, including temporary or even permanent reputational and brand damage;[2] loss of productivity; extended management drag; and a negative impact on employee morale and overall business performance.

So what is the role of a board of directors amid all of this complex and bet-the-company workflow? Corporate directors clearly have a fiduciary duty to understand and oversee cybersecurity, but there is no need for board members (many of whom have limited IT experience) to panic.

Below we compile a list of ten cybersecurity considerations that provide a solid bedrock of inquiry for corporate directors who want to take their cybersecurity oversight and supervision responsibilities seriously.[3] This “cybersecurity top ten list” provides the requisite strategic framework for boards of directors to engage in intelligent, thoughtful and appropriate supervision of a company’s cybersecurity risks.

By using these ten concerns as a guide, boards of directors can not only become more preemptive in evaluating cybersecurity risk exposure but they can also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item, at the top of a board’s oversight agenda.

Read the Full Article: https://www.cybersecuritydocket.com/2015/04/30/ten-cybersecurity-concerns-for-every-board-of-directors/
