See things clearly

Legal Risks on the Radar, is an annual survey, published in the U.S. by Corporate Board Member and FTI Consulting.


The 2012 report researches attitudes to current legal issues among ‘two critical governance groups’: public company directors and corporate general counsel (GC).


Amongst other things, the survey finds that the growth of digital business, and connectivity, has caused many in these groups to recognise the increasing importance of understanding the legal issues associated with data security and operational risk,

“...for the first time, data security was earmarked by the largest percentage of responding directors (48%) and general counsel (55%) as an issue of concern. The second most prevalent response for both directors and GCs centers on operational risk, which topped directors’ list in 2011 and moved up several places for general counsel this year...”

However, there is some “cause for concern” in the survey results.  When asked to rate, “how well their board was managing cyber / IT risk”,

‘...a third of the lawyers surveyed had expressed the view that their firms' boards were "not effective at managing cyber risk". Fewer than half of the directors questioned said that their companies had "a formal, written crisis management plan" to turn to in the event of a cyber attack...’


“Seventy-seven (77%) of directors and general counsel believe their company is prepared to detect a cyber breach should one occur.”

An obvious problem, therefore, is ‘the disconnect between having written plans and the perception of preparedness’. 


Perhaps a less obvious problem, is the disconnect that such a high percentage of directors & GCs have in perceiving the capability of their organisation to detect a breach, given the complexity of detecting such a breach.


This is where new thinking about business in the digital age can be very useful.




  • to some degree your organisation can be thought of as a “refinery” - instead of processing oil, it processes data

  • data is the life-blood of your business – but it is unlikely you have sufficient clarity on how data flows through the people, process and technology of your organisation, and, by extension, the other organisations with which it interacts

  • this is not an unusual situation, and that is part of the problem – it’s what makes  many organisations vulnerable to operational outage and/or cyber attack

  • clarity can only be created when you can clearly see and easily communicate how the assets of the business (including people) interact with flows of data. Such digital flows have to be understood, engineered and standardised like other important flows throughout history - water, steam, electricity etc


When you have that clarity, you are then in a position to make more-informed decisions about optimising and securing your flows of data, and minimising operational risk to your business.


Without that clarity, how confident are you that your company has the capability to detect a cyber breach should one occur?





Views: 87

Add a Comment

You need to be a member of OBASHI Think to add comments!

Join OBASHI Think

© 2018   Created by Fergus Cloughley.   Powered by

Badges  |  Report an Issue  |  Terms of Service