
Using financial modeling, companies can adopt approaches for estimating both the direct and hidden intangible costs associated with cyber-risk and express those risks in traditional financial terms. These models should be based on industry-accepted frameworks (e.g., FAIR, NIST, etc.). A cyber balance sheet incorporates these financial models and related tools to gauge the impact differential […]
Undoubtedly, upon learning of the Capital One hack, corporate board members across the U.S. are likely struck by one immediate thought (there but for the grace of God go I) and one immediate question (What should I do now?). This article tackles the issue of third party digital risk management head-on, by offering a useful and comprehensive strategical […]
Five years ago, when the reality of the cyber security threat began reaching the boardroom and audit and risk committees, only 15 percent of directors felt “very confident” their board oversaw cyber risk adequately. Today, cyber security preparedness and investments are front and center for directors. Increasingly, they are overseeing cyber security as a function […]
You would think that if a company was found both by the relevant regulatory authorities and by the courts to have taken all reasonable steps to protect personal data, it would have a complete answer to a data breach claim. Not so. That was the surprising (to some) outcome of a recent Court of Appeal […]
The NACD provides five helpful guiding principles for effective cyber-risk oversight that organizations can adopt and customize to their specific needs (e.g., size, life-cycle stage, strategy, business plans, industry sector, geographic footprint, etc.). via Cybersecurity: Five Guiding Principles for Boards – Lexology
Cybersecurity will be the hottest topic for boards of directors this year, according to the latest annual list from law firm Akin Gump Strauss Hauer & Feld. The “winner” was not much of a surprise, given that 2017 was riddled with high-profile attacks, including those targeting Equifax, Uber, Yahoo, and the U.S. Securities and Exchange Commission. “No crisis […]
From a tepid apology from CEO Richard Smith — totally incommensurate with the size of the crisis: “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this […]
This final part of the series Top Cybersecurity Concerns for Every Board of Directors discusses the board’s oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: data mapping and encryption. via Top Cybersecurity Concerns for Every Board of Directors: Data Mapping and Encryption — Nasdaq Governance Clearinghouse
Data breaches. First, they were the concerns of CISOs and CIOs. Some even lost their jobs after overmediatized breaches. Then CEOs got the spotlight, especially as brand reputations were damaged and customers left angry and churning. Today, board members are increasingly more involved in discussions around companies’ cybersecurity and measures needed to prevent being thrown […]
Cybersecurity has in recent years become an integral component of a board’s role in risk oversight, but directors often find themselves in unfamiliar territory when it comes to formulating policies and oversight processes that address cybersecurity risk. It can be especially challenging for directors to identify upcoming risks and avoid focusing too much on yesterday’s […]
“Is the CEO and the board committed to cybersecurity or is it just another line item that will get funded, but without the personal leadership that’s required?” asks Jim Trainor, senior VP for Aon Risk Solutions and former assistant director for the cyber division at the Federal Bureau of Investigation (FBI). When it comes to […]
Companies can invest heavily in top-of-the-line security software and state-of-the-art systems, but without the proper approach toward their IT employees, those efforts will be for naught. This article focuses on a board’s cybersecurity oversight pertaining to a company’s most important cybersecurity resource (and threat): its employees. Given the tumultuous risk associated with cyber-attacks, boards […]
In the aftermath of a corporate cyber-attack, boards and the companies they govern are subjected to immediate public scrutiny and, in many cases, unwarranted criticism. This new cyber-reality has essentially removed the distinction between board member and IT executive, with cybersecurity emerging as a key corporate risk area. For corporations, this is the dawning of […]
How can companies put their best security foot forward to attract top cybersecurity talent to the board? Companies often don’t look at their own cyber track record and vision for their security future before starting the interview process. Board advisers and cybersecurity pros offer five points to consider before interviewing a cybersecurity expert for the […]
Hardly a day goes by in legal and consultant circles when some expert somewhere is not opining on the need for corporate boards to bring a greater sense of urgency to address the growing business risk of cyber-attacks. Yet, even the most experienced commentators are underestimating the threat of cyber-attacks, and—even more importantly—overlooking a glaring […]