In today's digitally driven world, cyber threats pose a significant risk to organizations of all sizes and industries. As stewards of their companies' success and security, board members play a crucial role in safeguarding sensitive information and ensuring business continuity. Threats from within are on the rise as employees are being duped into releasing sensitive information.
While the Securities and Exchange Commission (SEC) is promoting more reporting and controls around cyber risks for public companies, the same guidelines are best practices for private companies. Board members should begin by creating a robust cybersecurity governance framework. This framework should outline roles, responsibilities, and reporting structures within the organization. In many instances, the Audit Committee under the enterprise risk mandate can work with the Chief Information Officer (CIO), Chief Information Security Officer (CISO), General Counsel (GC), and Chief Financial Officer (CFO) to promote further awareness alongside a cyber committee of the Board.
Board members should champion a cybersecurity-aware culture within the organization. Promoting employee training and awareness programs, so that everyone understands their role in safeguarding sensitive information, should be imperative and should be reported on during board meetings. Safety first... and more to follow.
Total potential losses from cyberattacks and cyber fraud surged 48% last year to $10.2 billion from $6.9 billion in 2021, according to the FBI. The FBI's Internet Crime Complaint Center received 21,832 complaints involving fraud attempts via "business email compromise" scams in particular, with adjusted losses totaling over $2.7 billion.