Whether a company generates electricity, formulates chemicals, makes a product, or runs a marketing business, the last thing it wants is an outsider gaining access to its internal processes and secrets. It’s not only a threat to the company’s competitive position, but it could be dangerous for employees, customers, and the corporation as a whole. In 2011, for the first time, the U.S. Securities and Exchange Commission recognized the critical nature of cyber and data privacy risks to our increasingly linked and interconnected world when its Division of Corporation Finance issued new guidance advising investors of such risks and indicating when public disclosure of those risks and any security breaches would be appropriate. The guidance is not, however, a binding rule and focuses only on the disclosure of specific material risks by publicly-traded companies.
Despite this new focus on cyber security by the government, the 2012 Carnegie Mellon CyLab survey of Forbes Global 2000 companies found that boards of directors are still not actively addressing cyber risk management. More specifically, it concluded that “…boards still are not undertaking key oversight activities related to cyber risks, such as reviewing budgets, security program assessments, and top-level policies; assigning roles and responsibilities for privacy and security; and receiving regular reports on breaches and IT risks.” It is a difficult and constantly evolving field, for which most directors and senior managers are ill-equipped—especially if you include within the field the hydra that is social media. But senior management needs to raise these issues to their boards and, if necessary, bring in outside experts to educate themselves and their boards. Most pernicious, though, is the very real and near-immediate risk of devastating reputational harm that companies face from cyber and data-related breaches, or that can accompany a social media miscue. That is why companies need to get smart about these issues, develop a plan, and execute that plan.