Speaking with leading legal industry publication High Performance Counsel, Cyber Expert Chuck Brooks shared the following insights and guidance for C-Suite executives.
You can read this article and more at: www.highperformancecounsel.com
The Internet was invented in a government laboratory and later commercialized in the private sector. The hardware, software, and networks were originally designed for open communication. Cybersecurity initially was not a major consideration. That mindset has surely changed due to the explosion of connectivity and commerce on the Internet. And also from the threats. A recent McAffee study disclosed that there was one new cyber-threat every three seconds in the fourth quarter of 2016.
Corporate board director roles have been traditionally reserved for those with expertise and leadership experience in management and best practices. Cybersecurity expertise historically has not been a primary concern for Directors. but it has become an evolving requirement for accountability in the era of digital connectivity.
The bottom line is that almost every type of business, large and small, touches aspects of cybersecurity whether it involves finance, transportation, retail, communications, entertainment, healthcare, or energy. Cyber-threats are ubiquitous.
The frequency and maliciousness (including Ransomware and Distributed Denial of Service attacks to networks) of cyber-attacks has become alarming. There are growing cyber-threats to corporate operations, reputation, and theft of IP that not only can affect stock prices, but the viability of a company.
The growing threat of data breaches from hackers has made cybersecurity a global urgency. According to IBM, the cost of an average data breach has now risen to about $4 million. According to Gartner, spending on cybersecurity to try to ameliorate data breaches is expected to reach $90 billion in 2017.
Dr. Chris Brauer, Director of Innovation in the Institute of Management Studies, sums up the state of cybersecurity for board members succinctly: “overcoming the threat boils down to two things: accepting that you will be breached (awareness) and the ability to do something (readiness).”
Targets of the increasing incidence of phishing and other types of social engineering breaches include many corporate giants, such as Target, Anthem, and Yahoo. Even the federal government has been targeted, most notably the breach at the Office of Personnel Management where 22 million personnel records were taken.
In spite of this, there is still a lack of awareness and specialized knowledge on most corporate boards. For example, according to a National Association of Corporate Directors (NACD) survey, only 14% of the board members queried expressed a deep knowledge of cybersecurity topics.
The cybersecurity landscape is complex, and it is extremely difficult to encapsulate all the various aspects that may confront a corporate board. Suzanne Vautrinot, President of Kilovolt Consulting and Major General and Commander, United States Air Force (retired), does provide a very good framework for addressing the landscape: “The board’s role is to apply the principles of risk oversight, to advise on strategy and help push to overcome challenges—in this case, cybersecurity gaps and challenges.”
Following that strong lead from General Vautrinot, I developed a condensed “cheat sheet” with themes to hopefully provide boards with insights and impetus to address the cybersecurity threat at the C-Suite level. The four themes include: risk management, responsibility, communication, and expertise.
Of course my cheat sheet is just a starting point. There is certainly room for more items and description. I highly recommend a new book written by Paul A. Ferrillo of the Weil Gotshal law firm and Christophe Veltsos of Minnesota State University, Mankato, entitled “Take Back Control of Your Cybersecurity Now: Game Changing Concepts on AI and Cyber Governance Solutions for Executives” for an in depth analysis of cybersecurity and corporate board issues. With the backdrop of the startling NACD survey that found 80% of boards’ members lack deep cybersecurity expertise, hopefully the issue of the lack of board cybersecurity competency will get more of the attention that is needed.
About High Performance Counsel:
High Performance Counsel is a leading trade publication in the legal and compliance sector. We highlight the individuals, organizations, strategies & technology solutions driving the next decade of leadership & advancement in law & legal services. It’s a great place to share thoughts, learn from others – and navigate the future of law with confidence. We created High Performance Counsel to be a sounding board for change and a leader-board for those who are taking the industry to new heights. We keep a close eye on the emerging field of legal technology and the players in it.
HPC Legal WIRE:
Most recently we have launched the HPC Legal WIRE – a ground-breaking newswire and media communications platform focused on the legal industry – allowing participants to share and gather information on the many participants in, and activities of, the sector on a daily basis. It is the most powerful digital platform of its kind – allowing pan-industry news, media sharing and following of key news and key participants. The HPC Legal WIRE is where the legal industry gets – and shares – its news within the sector and with the broader business community.
Learn more at: www.highperformancecounsel.com
About the Article’s Author & High Performance Counsel Contributor, Chuck Brooks:
Chuck Brooks is Vice President of Government Relations & Marketing for Sutherland Government Solutions. In both 2017 and 2016, he was named “Cybersecurity Marketer of the Year by the Cybersecurity Excellence Awards. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn” out of their 450 million members. Chuck’s professional industry affiliations include being the Chairman of CompTIA’s New and Emerging Technology Committee, and as a member of The AFCEA Cybersecurity Committee. In government, Chuck has served at The Department of Homeland Security (DHS) as the first Legislative Director of The Science & Technology Directorate at the Department of Homeland Security. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill covering security and technology issues on Capitol Hill. In academia, Chuck was an Adjunct Faculty Member at Johns Hopkins University where he taught a graduate course on homeland security for two years. He has an MA in International relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.
END