Breakfast session – Cybersecurity: a board-level concern
Cybersecurity is more than an IT issue — it’s a material concern that demands the board’s attention. As such, boards must address it and ensure that it’s mitigated effectively.
Panelists noted that boards need to remain transparent, be clear about metrics, understand who’s assigned to report to the board and make sure they have the resources to deliver. In turn, information security groups need to thoroughly understand the business and the risks they face before making recommendations to combat cyber threats.
It’s important that security groups communicate with divisional leaders to understand concerns. This will inform cybersecurity planning and improve its overall effectiveness. Cybersecurity is a cultural issue requiring top-down expectations — everyone plays a role in mitigating cyber risk. Low-cost training programs are an effective way to reach the audience that can unintentionally unleash many threats: employees.
A multi-stakeholder, multi-faceted issue, cybersecurity can affect the entire company by interrupting business, creating bad press and harming a brand. Become resilient – it will enhance your business processes. But it’s dependent upon addressing cybersecurity proactively rather than reactively.
Cybersecurity: a board-level concern
Ernst & Young LLP
Arthur Lessard is SVP/Chief of Information Security for Universal Music Group, responsible for information security governance, external threat management and security operations for the global organization. This includes protection of intellectual property and other critical business information as well as leading efforts to protect public-facing properties such as the company’s 2,800 websites. In prior roles Arthur was Chief of Information Security at Mattel, VP of Worldwide Security and Network Infrastructure for Technicolor, and Director of both Information Security Governance and Architecture at The Walt Disney Company. He received his PhD from UCLA in Computer Networking and has developed and taught undergraduate information security courses.
Ashwin Rangan was most recently Chief Information Officer (CIO) of Edwards Lifesciences, the leader in the science of heart valves and hemodynamic monitoring. Before Edwards, Rangan was the Chief Products Officer for MarketShare and was a consultant with Bank of America. Prior, Rangan was General Manager and CIO of Wal-Mart global.com. Before that, he was CIO of Conexant Systems, a Rockwell International spin-off. Rangan serves on the board of advisors of a handful of young companies. He authored a book entitled Tomorrow’s CIO: Strategic Conversations that Align IT with the Board Room.
A leading authority on cybersecurity, encryption and biometrics, Saito was recently selected by the Nikkei as one of the “100 Most Influential People for Japan.” In 2012, Saito was named a council member on national strategy and policy reporting directly to the Prime Minister of Japan. From late 2011, he was the CTO of the Fukushima Nuclear Accident Independent Investigation Commission. A foundation board member for the World Economic Forum, Saito advises national governments, teaches and is a commentator on TV. The best-selling author’s book The Team: Solving the biggest problem in Japan was published in 2012 by Nikkei BP
As Chief Information Security Officer for Caterpillar Inc., Mike Zachman has global responsibility for information security and is currently leading the enterprise’s Information Security Transformation program to dramatically improve Caterpillar’s capability to complicate, detect and respond to information security risks. Mike joined Caterpillar in 1988 and has performed many roles in Information Technology (IT), including two assignments in Europe. Mike also spent several years within Internal Audit, where he led efforts for Caterpillar IT to become SOX compliant. Mike holds a BS in Management Information Systems from Millikin University and an MBA from Bradley University.