Ver Suplemento Temático...

Seguridad Corporativa y Protección del Patrimonio.
Seguridad de la Información y Protección de Datos.


Revista de Prensa: Artículos

lunes, 13 de febrero de 2017

Change In Corporate Mindset Needed To Combat Cyber Attacks

Richard Levick

Certain corporate boards and C-level executives think that because their company owns cyber insurance they don’t need to worry, observes Donald Good, Director of Global Legal Technology Solutions at Navigant. “Instead, they should be planning and thinking about the repercussions of a cyber breach and how it will hurt their bottom line,” Good recommends.

Good stresses that corporate leaders need to strengthen their organization’s cybersecurity. “It starts at the top and goes down from there and that’s where we’ve seen companies be successful,” he says. “There needs to be a balance among the right people, the right technology, and the right processes in place.”

Companies that lack a creditable cybersecurity strategy are playing a game of Russian roulette. According to Juniper Research, cybercrime will cost businesses $2.1 trillion globally by 2019, quadrupling the estimated cost of breaches in 2015. The average cost of a data breach in 2020 will exceed $150 million by 2020, as more business infrastructure gets connected.

It’s also important to note that by 2020 cyber losses will amount to far more than data – they are sure to include financial, health, safety, and security information. We are rapidly entering the age where free credit reporting as a consumer-facing recovery strategy will do more harm to brands than good.

To be sure, large and publicly traded companies are getting better at recognizing the cybersecurity threat and how to inoculate their data systems from a computer breach. But some boards still are too quick to relegate the issue to the IT department and fail to appreciate that cyber attacks represent a risk that could decimate the entire company.

“Is the CEO and the board committed to cybersecurity or is it just another line item that will get funded, but without the personal leadership that’s required?” asks Jim Trainor, senior VP for Aon Risk Solutions and former assistant director for the cyber division at the Federal Bureau of Investigation (FBI).                 

When it comes to cyber security, there’s now an onus on boards and C-suite executives to establish accountability and delineate clear lines of communication.

Jamie Barnett, Rear Admiral (Ret.), Co-Chair of Venable's Telecommunications Group and a partner in the firm's Cybersecurity Practice, said, “Our collective mindset has been that cybersecurity is an information technology (IT) thing, but we have to drive it into enterprise-wide risk management. It is part of finance, sales, human resources and every other aspect of the risk of the business—and it must be managed that way.”

Judy Selby, managing director, Technology Advisory for BDO, a global accounting and management consulting firm, points out that the problems associated with cybercrime “need to be communicated in ways that boards will understand. Going into a board room and starting to speak in tech jargon may not be the best approach…You have to use the information you have as an asset.”

She argues that companies should also insist on crisis management planning for cybersecurity, which can help extrapolate a company’s level of risk and its readiness to combat a cyber attack.     

“Expect the effect to be the opposite of silos,” Selby says, regarding adequate cyber defenses. “You need a team approach to plan for cyber attacks and fix them once there’s a breach. You also need a readiness for [cybersecurity] regulations.”

Carefully monitoring regulations is especially relevant to corporations doing business in the European Union (EU). New rules in place for next year will increase the EU’s data security penalties to four percent of global annual revenue. 

Esta noticia ha sido vista por 363 personas.