5 Tips to Get the Board Invested in Cyber Risk Management
White Paper Summary
Cyber attacks are growing in frequency, expense, and complexity. According to Security Magazine, more than 2,200 attacks occur each day, breaking down to one cyber-attack every 39 seconds. Whether these attacks result from human error or outright malfeasance, they cost companies dearly.
Ransomware attacks in particular have evolved into major financial threats. Gone are the days when hackers demanded small sums to reduce their risk of getting caught. Now they ask for millions. And thanks to the interconnectedness of IT systems, an attack on one central vendor can bring down multiple entities at a time.
In early July, for example, a Swedish supermarket chain was forced to close more than 500 stores when a ransomware attack targeted not the chain itself, but its U.S.-based point-of-sale system provider. It’s estimated that roughly 200 businesses were affected by the breach.
“Cyber-attacks are getting larger. You have major corporations that have been completely stalled for weeks or even months due to a ransomware claim,” said Derrick Lewis, Senior Director, Cyber Risk Control, Liberty Mutual Insurance. “Because of that wide-ranging impact, cyber security is becoming less of an issue for the CIO, CISO or CTO and more of a board-level concern.”
Boards of directors need to understand their organizations’ cyber risk exposures and security posture and be prepared to take action when a breach happens. Board members who neglect to involve themselves in the cyber security program could potentially face stakeholder lawsuits in the event of an attack.
Here are five key strategies for increased board involvement in cyber security to help mitigate both cyber and directors and officers (D&O) exposure.