Digital in our lives is the new norm What questions should boards be asking?
The world of digital, is not just linked to companies or inanimate objects – it touches each one of us every day. From the time you wake up till you go to bed, you are connected and continuously connecting, smart phones, tablets, smart watches and cars with SIM cards. Smart products are all around us, from TVs to coffee machines and fridges, and the list goes on.
Although smart devices connected to the internet will make lives simpler, they are also likely to expose individuals and organizations to cyber threats. Increased use of technology and globalization are also key sources of competitive advantage. I believe organizations that pull back from these drivers to try and protect value will likely fall behind, while organizations that find better ways to manage cyber risk can power superior performance through increased use of technology and globalization.
Cyber risk is a top-tier issue
In a rapidly changing world, the board and C-suite increasingly realize that cyber risk must be treated as a top-tier business risk, requiring a level of awareness deeply embedded in the culture of the organization. A key step on this journey is understanding the current state of the organization’s cyber capabilities.
In my view boards of directors have a key responsibility to take a more active role to ensure that management protects their digital assets from cyber risk and maximizes their value.
Organizations should take it upon themselves to educate their staff, their management and their boards about cyber threats. Boards should strongly consider including digital and cyber minded members onto the Boards. It is time that Boards, and not only management, increased their cyber strategic appetite.
Management should analyze whether cyber security is well positioned within their organizations, with the lightning speed at which the digital world is evolving the cyber security leaders must have a “seat at the table”. In other words, cyber security should report direly to the CEO and learn to speak the top management’s language.
Here are 3 critical questions boards should be asking:
1) Do we have the right leader, organizational talent and operating model?
2) Are we focused on, and investing in, the right things?
3) How do we evaluate the effectiveness of our organization's cyber risk program?
Writer: Karthi Pillay is a Partner in the Risk Advisory Practice in Finland, where he leads the Cyber Security services. This text is based on Deloittes study (2017): Assessing cyber risk – Critical questions for the board and the C-suite.