Corporate Governance in the Age of Cyber Risks

It is clear that cybersecurity is no longer chiefly the domain of CIOs, CISOs and IT departments, but rather a companywide and nationwide concern that demands oversight and direction from the boardroom and the broader community.
Traditional corporate firewalls do not offer adequate protection, according to speakers at the cybersecurity conference, which was organized by Sullivan & Cromwell, RANE (Risk Assistance Network + Exchange) and Knowledge@Wharton, in collaboration with AIG, Spencer Stuart and the John Jay College of Criminal Justice.
A 2015 survey by the NYSE Governance Services and Veracode shows the extent to which boardrooms are unprepared to deal with cyber attacks… Their biggest fear — noted by 41% of respondents — is brand damage due to loss of customers.
Bank systems closed down by hackers could spur a run on money and create a crisis of confidence, while a hacked utility company could mean no heating for millions of homes in the dead of winter.
Businesses could consider using the corporate, not personal, cloud services of tech giants such as Google, Amazon and Microsoft to keep their data and systems secure.
Companies that want to take a more active role in their cyber defenses should organize efforts under five themes: awareness, governance, systems, process and strategy.
Risk assessment, Incident response team, Share information, Test the response plan, Fulfill legal obligations.
In April 2015, President Obama signed the executive order, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.”
The government should be declassifying more information and giving out more clearances to those managing critical infrastructure in order to help the business community better understand cyber threats…
The government should mitigate civil liability and antitrust concerns of businesses as they cooperate in cybersecurity. Companies should have immunity for a wide range of actions they might take to prevent or deal with cyber attacks and the sharing of information among them.
Recently, the U.S. Senate overwhelmingly passed the Cybersecurity Information Sharing Act, which would give companies legal immunity for sharing data about hackings with the government.