While new technologies such as machine learning, Artificial Intelligence and automation are helping propel businesses forward, they’re also opening up organisations to growing security risks. Huge advances are being made in genomics and manufacturing technologies, with machines closing in on human abilities with astonishing speed. Yet cybercrime represents the dark side of digitisation, and is masterminded by increasingly sophisticated individuals. We’re now facing the most significant cybersecurity threat to date. This year, we’ve seen the WannaCry and Petya ransomware attacks affect thousands of businesses worldwide, and new types of attack are emerging all the time. It’s therefore more important than ever before for board executives to take these threats seriously and batten down the hatches to protect their organisations, employees and customers.
Board responsibilities must evolve
Digital warfare is intensifying, and cyber criminals are becoming ever more sophisticated and creative in their approach to attack. In response, the role of the board has evolved from being 90% focused on fiduciary responsibility to 75% focused on strategy and risk management. Of all the risks that the board oversees, cyber security has emerged as a central theme across all large and mid-sized corporations, with businesses expected to spend $101.6bn on cyber security software, services and hardware by 2020, according to IDC. The board should no longer focus solely on mitigation strategies but also ensure that processes are in place to cover liability.
On top of IP and data loss, board executives must look at how they can prevent reputational damage to the business. We’ve seen a number of organisations hit the headlines this year with security scandals – from Barclays’ CEO falling victim to an email prankster to Yahoo’s acquisition price being slashed after suffering several data breaches. Reputation is one of the most valuable and fragile assets of a business. According to the World Economic Forum, more than 25% of a company’s market value can be attributed to its reputation, which demonstrates the importance of getting this right. A good reputation built through years of dedicated effort can be destroyed almost overnight, especially in today’s world where an organisation’s customers, operations, supply chains and internal and external stakeholders are scattered globally and connected via technology.
Organisations left vulnerable to cybercrime
As the threat of cybercrime intensifies, it’s not a case of ‘if’ but ‘when’ hackers will strike each and every business. Exploit kits are increasingly being sold on the dark web and paid for with bitcoins, making it easier for anyone to buy low cost tools and remain relatively unnoticed.
This means that the window for responding is narrowing and organisations have to demonstrate that they have taken control of a breach very quickly if they are to protect their data and reputation. That said, board executives should take care over exactly how the breach is communicated to their customers, stakeholders and the media – TalkTalk’s CEO, Dido Harding, was heavily criticised for her handling of a major hack attack in 2015.
How to respond
Today, just 7% of organisations claim to have a robust incident response programme in place and nearly half of UK businesses have no cyber security plan whatsoever. To address this, the emphasis for boards must now be on making sure that critical security infrastructure is in place, enhancing crisis response, and adopting strategies that emphasise a good balance of preventative and responsive tactics.
Technology is blurring the lines between industries and people are spending more time connected to the internet than any other medium of communication, providing increasing opportunities for attacker models. While understanding the future impact of technologies should be the responsibility of the business’ managers, it is the board executives’ responsibility to ask management for their perspective on how the organisation is handling the strategic risks related to digital disruption today.
Some organisations are creating new technology forums, building the expertise of corporate directors and strengthening IT governance. This is all with the aim of empowering boards to guide managers by asking the right questions about technology and its impact, and pushing cyber security issues to the top of the agenda.
Technology is advancing at an astonishing pace, with developments in robotics and cognitive technologies pushing the boundaries of what’s possible. While our connected future holds much promise, C-level executives need to ensure they’re asking all the right questions to deal with the risks arising from the digital era and ensure they don’t fall victim to the next cyber-attack.
By Gaurav Kataria, CIO, Cyient