In your experience, how is cyber-crime currently viewed within the governance landscape?
Risk-management professionals around the world overwhelmingly view cyber-risk as one of the top risks organizations must address. It stems from a greater dependence on technology. Businesses are racing to keep pace with the world around them, competitors and customer demands. Many are adopting new technologies too quickly, without doing proper due diligence regarding the impacts and exposures new technologies can present.
Governance provides structure to technology adoption and, as such, offers checks and balances to ensure all stakeholders within the organization are aware of the technology and its propensity to deliver value, as well as the potential exposures. With governance processes in place, organizations are better positioned to monitor the implementation of technology and develop robust cyber-security measures accordingly.
What are the main cyber-security threats IROs need to be aware of?
While robust data security measures are vital to prevent business interruption losses and ensure compliance with data privacy laws, it is also important for IR professionals to recognize a cyber-breach’s impact on corporate reputation.
It takes years for an organization to build its reputation, but the onset of a cyber-attack – especially one that results in business interruption or compromised customer data – can shatter that reputation instantly.
There are several marquee examples of organizations that failed to adequately protect data and immediately saw an erosion in stakeholder and investor confidence. Articulating the connection between a cyber-breach and corporate reputation to leadership will help IROs get the resources they need to proactively prepare for an attack and efficiently lead the response to one.
What counter-measures can IR professionals take?
From the risk professional’s perspective, organizations that are proactive about cyber-risk are better equipped to rebound post-attack. The same holds true for IROs.
Establishing a cyber-breach crisis team in advance is a best practice for successfully managing an attack. Made up of business leaders from across the organization – including IT professionals and risk-management leaders – the team can enhance cross-departmental communications and help inform crisis response.
Additionally, a team approach creates a channel for incidents or suspected attacks to be escalated to a higher priority for response and mitigation. It also enables the organization to identify the business areas that will be impacted, as well as guide how the organization should address the situation.
Stakeholders are going to want to know exactly what happened as well as what steps the organization is taking to prevent that situation from ever happening again.
This is an extract of the Q&A published in the Winter 2022 issue of IR Magazine.