
Board responsibilities must evolve in the face of increasing cyber threats

It's time for board executives to take threats seriously, batten down the hatches and protect their organisations, employees and customers.

By James Nunns

While the advent of new technologies such as automation, Artificial Intelligence and machine learning is helping propel businesses forward, it is also opening up organisations to growing security risks.

Gaurav Kataria, CIO, Cyient

Huge advances are being made in genomics and manufacturing technologies, with machines closing in on human abilities with astonishing speed. Yet cybercrime represents the dark side of digitisation, and is masterminded by increasingly sophisticated individuals. We’re now facing the most significant cybersecurity threat to date.

Last month, the WannaCry ransomware attack affected thousands of businesses worldwide and new types of attack are emerging all the time. It’s therefore more important than ever before for board executives to take these threats seriously and batten down the hatches to protect their organisations, employees and customers.

 

Why board executives’ responsibilities must evolve

Digital warfare is intensifying, and cyber criminals are becoming ever more sophisticated and creative in their approach to attack. In response, the role of the board has moved from being 90% focused on fiduciary responsibility to 75% focused on strategy and risk management. Of all the risks that the board oversees, cyber security has emerged as a central theme across all large and mid-sized corporations, with businesses expected to spend $101.6bn on cyber security software, services and hardware by 2020, according to IDC. The board should no longer focus solely on mitigation strategies but also ensure that processes are in place to cover liability.

On top of IP and data loss, the board must look at how it can prevent reputational damage to its brand. We’ve seen a number of examples in the press recently where businesses have been left red-faced due to security scandals – from Barclays’ CEO falling victim to an email prankster to Yahoo’s acquisition price being slashed after suffering several data breaches. Reputation is one of the most valuable and fragile assets of an organisation. According to the World Economic Forum, more than 25% of a company’s market value can be attributed to its reputation, which demonstrates the importance of getting this right. A good reputation built through years of dedicated effort can be destroyed almost overnight, especially in today’s world where an organisation’s customers, operations, supply chains and internal and external stakeholders are scattered globally and connected via technology.

 

New technologies significantly increase an organisation’s exposure to cyber theft

As the threat of cybercrime intensifies, it’s not a case of ‘if’ but ‘when’ hackers will strike each and every business. Exploit kits are increasingly being sold on the dark web and paid for with bitcoins, making it easier for anyone with an agenda to buy low-cost tools and remain relatively unnoticed.

This means that the window for responding is narrowing and organisations have to demonstrate that they have taken control of a breach very quickly if they are to protect their data and reputation. That said, board executives should take care over exactly how the breach is communicated to their customers, stakeholders and the media – TalkTalk’s CEO, Dido Harding, was heavily criticised for her handling of a major hack attack in 2015.

 

What board executives must do in response

Today, just 7% of organisations claim to have a robust incident response programme in place and nearly half of UK businesses have no cyber security plan whatsoever. To address this, the emphasis for boards must now be on making sure that critical security infrastructure is in place, enhancing crisis response and adopting strategies that emphasise a good balance of preventative and responsive tactics.

Technology is blurring the lines between industries and people are spending more time connected to the internet than to any other medium of communication, providing increasing opportunities for attacker models. While understanding the future impact of technologies should be the responsibility of the business’s managers, it is the board executives’ responsibility to ask management for their perspective on how the organisation is handling the strategic risks related to digital disruption today.


Some organisations are creating new technology forums, building the expertise of corporate directors and strengthening IT governance. This is all with the aim of empowering boards to guide managers by asking the right questions about technology and its impact, and pushing cyber security issues to the top of the agenda.

Technology is advancing at an astonishing pace, with developments in robotics and cognitive technologies pushing the boundaries of what’s possible. While I am very optimistic about our connected future, C-level executives need to ensure they’re asking all the right questions to deal with the risks arising from the digital era and ensure they don’t fall victim to the next cyber-attack.

 
