Indeed, with recent earth-shattering breaches — and increased litigation against executives following privacy breaches — the subject of cyber security is finally getting added to the board meeting agenda.
To help your leadership team clearly establish your company’s cyber security stance, here are 3 conversations moving from the server room to the board room:
1. Have We Already Been Breached?First, you must rip off the band-aid. The ethical response to the statistics (which say companies of all sizes are likely to have already experienced a breach) is to determine what data has already been exposed and to report it to the appropriate channels.
Action Item: Bring in a legal specialist and a 3rd party security auditor to examine potential breacheswith your IT department.
2. We Are Responsible.The second point of discussion is to formally acknowledge that all company stakeholders are ultimately responsible for securing your company’s data. Former Equifax CEO Richard Smith, for example, claimed a security staffer failed to complete their responsibilities—this attempted blame shifting is now being thoroughly evaluated by the federal judicial system.
Action Item: With the input of a cyber security consulting firm, renew your chain of responsibility and implement new weekly reports and check points for increased accountability. Consider designating a board committee to oversee cyber security matters.
3. How Will We Detect and Respond to Future Attacks?The final point of conversation won’t be limited to a one-time discussion. Evaluate the strength of your essential cyber security practices, personnel, and partners.
Action Item: Document your methodology for detecting and responding to future attacks, ensuring that all vectors of cyber attack are accounted for.
Creating a Unified ResponseBefore initiating these conversations in the board room, you may need to discuss the real risk posed to companies like yours. We suggest reviewing Verizon’s 2018 Data Breach Investigation Report to see how companies in your industry are being targeted by hackers.
To provide your executive team and board of directors with an overview of your company’s security policies and risks, consider a Security Framework Assessment. An executive report provided by an unbiased, third-party auditor can take board room conversations and translate them to actionable insights.
Still have questions, comments, or feedback? Email us and one of our Cyber Security Advisors will reach out to you.