Why Cybersecurity MUST be a Board Issue
In recent years, there has been an overwhelming number of cybercrime incidents, and boards need to be more proactive about their cybersecurity. The number of cyber attacks over the past few years has forced all C-level executives to become more educated about it. Gone are the days when cybersecurity was passed off to the IT department. While many executives may find the subject difficult to follow because of a lack of knowledge or simple disinterest, it is essential that they take an active role. Otherwise, they may face shareholder lawsuits and even the possibility of being removed from the board. A business that fails to address this will face serious consequences. Lawsuits are a guarantee when there is a cyber breach or data breach.
According to Directors & Boards author Tom Horton, “A primary responsibility of every board of directors is to secure the future of the organization. The very survival of the organization depends on the ability of the board and management not only to cope with future events but to anticipate the impact those events will have on both the company and the industry as a whole.”
The Institute of Internal Auditors’ Audit Executive Center conducted a survey in which boards agreed that cybersecurity preparedness has increased, but only 14% of respondents said they were actively involved.
The National Association of Corporate Directors (NACD) published 5 principles that all corporate boards should consider “as they seek to enhance their oversight of cyber risks.” These five principles are:
1. Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue.
2. Directors should understand the legal implications of cyber risks as they relate to their company’s specific circumstances.
3. Boards should have adequate access to cybersecurity expertise, and discussions about cyber-risk management should be given regular and adequate time on the board meeting agenda.
4. Directors should set the expectation that management will establish an enterprise-wide risk management framework with adequate staffing and budget.
5. Board-management discussion of cyber risk should include identification of which risks to avoid, accept, mitigate, or transfer through insurance, as well as specific plans associated with each approach.
Cybersecurity leaves no one unaffected, so it’s a given that the board must be involved in the cybersecurity strategy.
How can we help?
Axiom Cyber Solutions is offering a Managed Firewall, Cyber-Security Protection for Small Business starting as low as $199 per month.
We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business. And don’t worry, there are no upfront costs for the device and you can cancel at any time. #FightBackWithAxiom