The advent of new technologies and an ecosystem of digital interconnectedness significantly increase an organization’s exposure to theft of its most valuable assets, which include confidential customer data and vital information such as intellectual property and strategic blueprints. Preparedness is the first line of defense. Yet only 7% of organizations claim to have a robust incident response program that includes third parties and law enforcement and is integrated with their broader threat and vulnerability management function. [2]
The emphasis for boards will be to make sure that companies are shoring up critical infrastructure, enhancing crisis response and mapping a strategy that emphasizes a good balance of preventive and responsive tactics. This means being able to efficiently guide an organization through the layers of risks and threats, and boards should appropriately set the risk appetite and be prepared to swing into decisive action to handle any incidents.
Boards accept that the risk of a cyber breach needs to be continually managed, and adequate preparation that enables an organization to get back up and running quickly following an attack will be a key consideration for boards.
Knowing where the vulnerabilities lie is vital. Boards will continue to confirm that companies have a system and backup plan that facilitates data migration in a crisis. They will also need to make sure that their organizations firm up relationships with federal investigating authorities, who can move swiftly in response to attacks and minimize exposure and damage.