Multinational corporations face rising IT challenges and cyberattacks. Retailer Target, office supply chain store Staples and global banking powerhouse JPMorgan Chase are just a few major companies that have recently been hacked—and that have sustained financial costs and damage to their reputations as a result.
Global companies also struggle with the need to protect customers’ privacy in a multijurisdictional environment with conflicting regulations and compliance requirements.
Traditionally, corporate boards have tackled cyberrisks mainly through management oversight, making sure managers have adequate resources to reduce the chances of a cyberevent and mitigate its consequences. Yet, more boards are looking to improve IT risk management, usually by deeper involvement of the full board or one of its committees.
Recent corporate failures in the face of hack attacks have fed a growing tension between CEOs and boards about the right approach to cyberrisk.
In a recent report, Deborah DeHaas and Ed Powers of Deloitte identified rising areas of board responsibility, including benchmarking, war-gaming, assessing cyberprogram costs and determining the public response to a cyberincident. Growing oversight on cybermatters impacts the board’s corporate governance, time management, priorities and allocation of financial and other resources.
Furthermore, addressing the issue in the boardroom is no guarantee of effective results. The New York Stock Exchange Corporate Board Member’s 12th Annual Director Survey, conducted with executive search firm Spencer Stuart, confirms that although directors regularly discuss cyberrisk, many are still not confident in their ability to manage it.
This new trend toward more active responsibility changes board composition and recruitment, as there is an increasing need to introduce board members who have IT experience and cyberknowledge, who can ask management the appropriate questions and take ownership of cybermatters at board level.
According to PwC’s 2015 Annual Corporate Directors Survey, 89% of directors find board expertise in this area to be at least somewhat important, a perception that calls for board members with nontraditional professional backgrounds.