Experts predict that heightened expectations among consumers, advocates and regulators will require organizations to step up cyber measures in the year ahead.
Prediction #4: Corporate board audit committees will take a greater interest in cyber security risks and the organization’s plans for addressing them. With more and more data breaches – from theft of trade secrets to loss of customer information – in the headlines, corporate audit committees are beginning to focus on the connection between cyber security and an organization’s financial well-being. As such, they will expand their attention beyond the financial audit process to the organization’s strategic plans for protecting non-public information and risk mitigation plans for responding to a possible breach. CIOs and IT leadership should prepare accordingly.
“Organizations recognize that it’s their duty to protect against the loss of information and its associated risks,” said Brill. “As corporate boards carry out their fiduciary responsibilities, they must also protect the company from possible shareholder lawsuits that allege the company’s cyber security wasn’t at a level that could be reasonably viewed to be ‘commercially reasonable’ and that incident response plans weren’t in place to mitigate the risk. The challenge they face is determining what is a reasonable level of security and response, and who should make that call – is it their IT team, an industry expert, an independent third party?”