Cybersecurity: Boardroom Implications

Cybersecurity has become an urgent concern for companies—regardless of size or industry. Data breaches and other cyber threats pose significant competitive, reputational, and litigation risks and require increasingly costly investments in detection and mitigation.

Cyber criminals are stealing up to a terabyte of data each day, resulting in global losses in the hundreds of billions of dollars. In just four years, the average annualized cost of cybercrime to an organization has risen 78 percent. Further, the average time required to detect and respond to a cyber attack has increased by nearly 130 percent.

To help board members address this critical topic, the National Association of Corporate Directors (NACD), Protiviti, and Dentons organized a series of roundtable discussions across the country. The meetings convened three diverse groups of directors with experts in the field of cybersecurity. The purpose of the discussions was to address how cybersecurity is currently challenging boards, frame the key issues of which directors should be aware, and pinpoint areas necessitating guidance with future discussions.

Cyber threats take many forms, and the response to those threats is unquestionably a management-level responsibility. As such, the roundtable discussions focused on implications for the boardroom: how directors can effectively oversee cybersecurity risk, the necessary processes and policies to protect sensitive networks, systems, and data from unauthorized access or attack, and the potential for financial and legal problems created by cyber threats.