As the number of cybersecurity incidents continues to rise, cybersecurity best practices for boards of directors are critically important. It's not enough to put cybersecurity on the agenda: directors should have a practical understanding of the cybersecurity threats their organization faces and a plan in place to respond to them.
Recent years have taught us one thing above all: the pace of attacks isn't slowing down. IBM's 2020 Cyber Resilient Organization Report shows that more than half of all organizations have reported significant disruption due to a cybersecurity incident in the past two years. In addition, the total average costs of data breaches continue to rise: in 2019 they were up 1.5 percent from 2018, and up 12 percent since 2014. And while board members may not be cybersecurity experts, they still play an essential role in securing their organizations: board-level involvement in cybersecurity reduced the average cost of a data breach by $180,000.
Here Are the Top Five Cybersecurity Best Practices That Your Board Should Be Using:
- In 2019, extensive use of IoT devices and mobile platforms was found to increase the average total costs of a data breach by $160,000 and $240,000, respectively. Given the current shift to remote work, it's essential that all board members have appropriate security in place. Device passwords must be complex, laptop computers and mobile devices equipped with remote wiping, and IoT devices secured against intrusion. Because home Wi-Fi networks are rarely as robust as corporate networks, and hardware-based VPNs may not provide adequate security either, organizations should ensure that scalable network security solutions are available to all remote workers.
- Cybersecurity threats are constantly evolving, so regular cybersecurity training for board members is essential. This should include instruction about identifying potential risks such as malware and phishing emails, training about the risks involved in file sharing and using personal devices, and steps to take in the event of an attack.
- Just as it's essential that board members and business leaders understand key cybersecurity concerns, IT and infosec leadership must also understand how the business runs. When boards foster effective communication with security leadership, IT will be better able to establish effective protections against outside threats.
- In 2020, organizations experiencing third-party breaches included General Electric, Marriott and Instagram. Boards must take steps to identify critical vulnerabilities, not only within their own organization, but also in third parties (such as partners, contractors and suppliers): in 2019, third-party involvement increased the average cost of a breach by more than $370,000. As outsourcing essential services becomes more common, and with supply chains getting longer and more complex, businesses must pay greater attention to the cybersecurity practices at every partner.
- Boards must establish response and reporting protocols to be followed in the event of a breach. In addition to the initial response to a breach (countermeasures and mitigation), the emergence of data protection legislation such as GDPR, which allows for the imposition of significant penalties (up to 20 million euros, or 4 percent of total global revenue, whichever is higher), makes reporting a priority.