Board Participation in Cybersecurity: What More Needs to Be Done?

McGuireWoods LLP
Contact

High-profile data breaches seem to hit the headlines almost every day. These breaches have proved terrifying for many companies, particularly as the attackers release embarrassing emails and other information. The frequency of attacks is accelerating. Respondents from a Price Waterhouse Coopers survey (PwC) reported (click the report) a 38 percent increase in cyber-attacks from 2014. Companies are spending $77 billion on data privacy and security tools and processes this year alone. Gartner reports that number will more than double to $170 billion by 2020.

As a result, boards are increasingly participating in corporate cybersecurity strategy. Given the glut of cybersecurity attacks, data security and privacy should be top of mind for every board member. Some initiatives that companies are taking are described below; board members should consider taking these initiatives seriously if they haven’t already.

Cloud services can be used to promote security. Cloud tools can be deployed for data protection, privacy, network security, identity and access management, real-time monitoring and analytics, and advanced authentication. Board members should consider whether their company has invested in the right tools to execute the proper security measures.

Companies should implement security frameworks. Security frameworks, such as ISO 27001 and the U.S. National Institute of Standards and Technology Cybersecurity Framework, can be used to mitigate risk. Such frameworks help companies identify and prioritize risks, audit their cybersecurity practices and improve communication.

Collaborate with other companies in your industry. Many companies are collaborating with one another, and sharing data privacy and security intelligence. Such partnerships allow a more formidable frontline of defense and a collective threat database and assessment, as well as Information Sharing and Analysis Centers (ISACs). President Barack Obama signed an executive order that encourages collaboration among public and private organizations through Information Sharing and Analysis Organizations (ISAOs) which are designed to be more flexible than ISACs.

Companies should implement advanced authentication. Companies, financial institutions in particular, can implement touch ID technology, which allows customers to access their mobile app by scanning their fingerprint to their phone. Other firms use facial and voice recognition as well. Replacing traditional password credentials with updated authentication measures is the wave of the future.

See more information in a PwC report on this topic here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© McGuireWoods LLP

Written by:

McGuireWoods LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

McGuireWoods LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide