Page 60 - Cyber Warnings
executive, a CFO should have significant oversight and guidance in these areas. They are no
longer IT-only considerations.
Security as a Stewardship Issue
The Board is ultimately responsible for data and intellectual property. If that is the case, then
treating cybersecurity as an exclusively IT issue is not just inappropriate but bad business as
well.
When it becomes the Board’s role to go beyond merely turning a profit and on to protecting and
overseeing a company’s assets—both tangible and intangible—then the most critical assets are
data, IP, reputation, customer trust and loyalty. As we see all too frequently, poor security can
undermine or destroy all of these and create a loss of value through unnecessary volatility.
Boards and executives, as stewards of their organizations, have a critical responsibility to their
customers, their intellectual property and their shareholders to ensure the safety and security of
their data and systems. This ultimately comes down to thinking about security as a stewardship
issue to be addressed directly by the Board.
Stewardship: Taking the Long View
Therefore, the CFO and Board members must lead the charge in search of proactive
approaches to security. Although there are ways that security staff and organizations can
mitigate the damage resulting from increasingly frequent and sophisticated attacks, as the old
saying goes, an ounce of prevention is worth a pound of cure.
Some organizations still hold the notion that it costs more to secure their data than to
recover from a breach. This is not, however, a sustainable or responsible approach. Breaches
will become more frequent, attacks will become more persistent and sophisticated, and the
costs of reacting to these breaches will continue to increase. Clearly, brands, jobs and share
prices are all at risk.
The Board and the C-suite are responsible for three separate but interconnected elements of an
organization: the business itself, customer data and shareholder interests. Stewardship goes far
beyond making money or ensuring the financial success of an organization. It means caring for
the long-term interest of the company and thinking holistically about the diverse stakeholders
touched by the business. When it comes to security, though, the traditional stewards of the
organization are not always equipped with the necessary perspective, skills, or knowledge. The
wrong focus can, in fact, create a perfect storm of imperfect stewardship in which security is
viewed as a cost center rather than an essential element of risk management.
60 Cyber Warnings E-Magazine October 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide