Cybercrime breaches costs corporate boards big time: Have you done your due diligence?
Cybercrime breaches costs corporate boards big time: Have you done your due diligence?
Dr. Arvind Singh
Back away from the snooze button. This is a $29 million wake-up call you can’t afford to miss.
In January 2019, Yahoo’s board agreed to pay the enormous $29 million settlement to its shareholders as the result of cyberattacks that compromised three billion Yahoo user accounts. It was the first time shareholders had successfully held a company responsible for data and cybercrime breaches. And it is a loud warning to corporate boards that they must start paying attention to cyber risks.
But are they? Considering that over 7.9 billion records were exposed as of September 2019 — up 112 percent from 2018 — it looks like they may have their fingers in their ears.
Not only is cybercrime on the rise but cyberattacks are expected to cost the world $6 trillion annually by 2021 — and as the Yahoo case demonstrates, corporate boards are increasingly being held responsible by shareholders. It’s time for directors to get front and center in the fight against cybercrime. Taking a proactive approach and ramping up the company’s cybersecurity IQ will not only decrease a company’s risk, but can give it a competitive advantage.
The Call Is Coming From Inside the House:-
Remember those slasher movies from the ‘80s when the creepy call was coming from inside the house? This is a little like that. Your greatest threat is coming from inside your organization. According to the 2019 Insider Threat Intelligence Report, insider threats are on the rise and cost companies an average of $8 million per incident. That doesn’t mean your company is crawling with spies, however.
The vast majority of insider threats (64 percent) are the result of negligence and lax employee behavior, while 13 percent come from user credentials being compromised. These numbers are a red flag, pinpointing a need for greater employee security reflex training. Many organizations are overly focused on technological fixes and blind to the human elements of data protection.
Security isn’t the IT department job- It’s everyone job:-
Boards should assess new executive talent for their cybersecurity IQ (and quiz them on it). Cybersecurity IQ is a competitive advantage and companies get that advantage by having people who understand, believe, practice and share cybersecurity best practices. In addition, the IT Department is only one portion of the greater solution. For truly effective cybersecurity, your strategy should be based around the critical business activities that are at stake, not just the technology that supports it. That means that operational heads, the risk and compliance team and relevant specialists inside and outside of the organization should be included in the conversation.
Innovation Introduces Risk:-
Companies thrive on innovation, but the downside is that innovation and/or disruption are massive risks to security. For example, smart electricity meters on homes are a boon to electric companies, but because they’re online and connected to the grid, they can be hacked and used to access all areas of the network. Innovation is always looked at from an offensive perspective — how it can benefit an organization. Smart cybersecurity means that innovation needs to be looked at defensively, too. Budget security directly into your innovative initiatives so that you don’t pay multiples down the road when that innovation becomes a back door into your bottom line.
