See things clearly
Legal Risks on the Radar is an annual survey published in the U.S. by Corporate Board Member and FTI Consulting.
The 2012 report researches attitudes to current legal issues among ‘two critical governance groups’: public company directors and corporate general counsel (GC).
Amongst other things, the survey finds that the growth of digital business and connectivity has caused many in these groups to recognise the increasing importance of understanding the legal issues associated with data security and operational risk:
“...for the first time, data security was earmarked by the largest percentage of responding directors (48%) and general counsel (55%) as an issue of concern. The second most prevalent response for both directors and GCs centers on operational risk, which topped directors’ list in 2011 and moved up several places for general counsel this year...”
However, there is some “cause for concern” in the survey results. When asked to rate “how well their board was managing cyber / IT risk”:
‘...a third of the lawyers surveyed had expressed the view that their firms' boards were "not effective at managing cyber risk". Fewer than half of the directors questioned said that their companies had "a formal, written crisis management plan" to turn to in the event of a cyber attack...’
“Seventy-seven (77%) of directors and general counsel believe their company is prepared to detect a cyber breach should one occur.”
An obvious problem, therefore, is ‘the disconnect between having written plans and the perception of preparedness’.
Perhaps a less obvious problem is the disconnect between the high percentage of directors and GCs who perceive their organisation as capable of detecting a breach and the complexity of actually detecting one.
This is where new thinking about business in the digital age can be very useful.
When you have that clarity, you are then in a position to make more-informed decisions about optimising and securing your flows of data, and minimising operational risk to your business.
Without that clarity, how confident are you that your company has the capability to detect a cyber breach should one occur?