Cybersecurity. It’s going to the boards.
According to a recent survey by the Corporate Governance Practice of BDO Consulting USA, close to 60% of board members of publicly traded companies say they are now more involved in cyber security matters than they were just a year ago.
The survey, entitled “2014 BDO Board Survey,” queried 75 board directors of companies whose revenues ranged from $250 million to $1 billion. Among the prime topics broached and addressed in the survey were key business matters and business support services like compensation, tax inversions, time management and cyber security.
The results are hardly surprising, given the current climate online. More and more high-profile data breaches have ensnared and hampered more and more high-dollar companies (and even celebrities) in recent months – with cyber security breaches and hacker attacks affecting everyone from lower-end retailers like Kmart and Dairy Queen to exclusive entities like banking behemoth JP Morgan.
As a result, more than half of the respondents to the BDO Board Survey said they have authorized or spearheaded increased spending on cyber security compared to what the company spent in the previous year.
“There has been a plethora of well-publicized data breaches in the media over the past year and boards of directors are becoming more proactive on this topic,” said BDO Consulting Managing Director of Forensic Technology Services Karen Schuler. “It is certainly a positive that a majority of boards are becoming more involved and are increasing resources to combat this problem; however, it is troubling that more than a quarter of the board members report they are not briefed on information security at all. Although certain sectors of the economy are more likely to be the target of cyber-attacks than others, all boards should be engaged in cyber-security regardless of the company’s industry.”
Boards and board members may be increasingly involved in their companies’ cyber security matters in large part because – despite increased data breaching risks, cyber security attacks and resulting concerns – just 39% of companies currently employ anything like a “cyber security chief.” Most companies instead rely on their Chief Financial Officer, or CFO, to fill this role and perform its functions.
As big-time cyber attacks become more common and costly, it only makes sense for companies to become more focused on reassigning those duties from their CFO to a dedicated cyber security specialist. More than two-thirds of the survey respondents said they are briefed on cyber security matters at least once a year, while just 25% receive such briefings on a quarterly basis.
The attacks directed at JP Morgan offer a particularly cautionary tale on this front, as they occurred after the bank’s chief information security officer departed earlier this year – while also taking other top security specialists out the door. This left the in-house security team at JP Morgan short on cyber security leadership for months, likely contributing to the costly breach.
Here at Be Different Solutions, we’ve blogged a good bit lately about the many sensitive issues surrounding critical business support services like cyber security in today’s fragmented, cluttered, at-times crazy, ever-connected and always-online world.
Not only is it our opinion that the role of cyber security chief should never be filled by a company’s CFO, but we believe that it should never be staffed by anything less than the best available people. By best available, we certainly mean available, but we also believe strongly that this person should be intelligent, accountable, insightful, honest, resourceful and enthusiastic about their position and the role within your company.
If you choose to outsource cyber security or other business support services professionals and personnel with Be Different Solutions, you can do so with the confidence that you are getting qualified, quality and impassioned employees who are not only motivated and attentive, but also based in one of our two Europe- or U.S.-based offices. We know that having our people work from one central location dramatically improves and promotes not just strong security, but overall accountability and performance.