2 minute read 25 Jan 2021
Young man working at home

Why cyber resilience and data privacy should lead private board agendas

As businesses increasingly rely on digital, boards must be proactive against cybersecurity risks.

In brief
  • As the world continues to respond to the global COVID-19 pandemic, private boards must prioritize cyber resiliency and stakeholder trust in data privacy.
  • Most private board members are not experienced in cybersecurity but must become aware of the potential challenges ahead.
  • EY hosted a webcast which addressed some of these challenges and the leading practices in board oversight of potential cybersecurity risks.

Private boards are tasked today with what appear to be herculean responsibilities. The turbulent environment has intensified oversight across a broad array of operational activities, underscoring cybersecurity in particular.

Recent events have accelerated digital transformation, induced widespread remote working, and increased reliance on third parties. This new dynamic environment expands opportunities for cybersecurity incidents and risks, requiring boards to be proactive rather than reactive. Now, more than ever, boards must consider cyber resiliency and stakeholder trust in data privacy as strategic imperatives.

EY teams hosted a webcast addressing the latest challenges and leading practices in board oversight of cybersecurity risks. The panel included esteemed directors from the boards of Fortune 500 companies and EY cybersecurity leaders. An interesting poll was conducted during the webcast and responses serve as a wake-up call to private boards everywhere.

  • Just 22% were very confident in the board’s understanding of the company’s most significant cyber threats and vulnerabilities, and the related potential impacts. 65% were only somewhat confident.
  • Only 33% said the board has participated in simulation exercises against its most significant cyber threats and vulnerabilities in the last 12 months.
  • 53% have not independently engaged a third party to review the effectiveness of the organization’s cybersecurity risk management program.

How EY can help

Cybersecurity, strategy, risk, compliance and resilience

EY Cybersecurity, strategy, risk, compliance and resilience teams can provide organizations with a clear picture of their current cyber risk posture and capabilities, giving them an informed view of how, where and why to invest in managing their cyber risks.

Read more

Most board members are not versed or experienced in cybersecurity. So, how do they know what actions to take to protect the organization in today’s climate? The panel shared great insights to help boards fulfill their oversight duties. Here are some of the key takeaways:

  • Consider all of the factors impacting cybersecurity risks, such as the new workforce environment, cyber talent gaps, and supply chain vulnerabilities.
  • Look at third parties. Supply chains and other third parties can be a vulnerability. Cyber criminals look for back doors, such as suppliers who do not have the defenses or technologies of larger companies.
  • Understand the organization’s cybersecurity “value at risk.” Look at potential threats, the level of the organization’s vulnerability, and the potential impacts (financial, operational, legal and/or regulatory), and quantify potential losses for more informed cyber strategy and investments.
  • Be prepared and proactive – prioritize rapid threat detection and effective response. Utilize simulations and exercises, and understand the cyber escalation process, i.e., when and who is notified about breaches and incidents.
  • Build stakeholder trust by being transparent about risk mitigation and response efforts.

“I believe boards should both self-police and use third parties. Like, many things, fresh eyes may see opportunities and vulnerabilities in even the best cybersecurity programs,” says panelist Linda Gooden, Board Member, General Motors Company, The Home Depot and Washington Gas Light Company.

Watch the webcast to glean more insights on how to best navigate cybersecurity oversight in today’s rapidly changing world.

Summary

Businesses are becoming even more reliant on digital technologies to allow work to continue, such as through increased remote working. Although digital provides solutions to many challenges, with it comes an increased risk of cyber security. Private boards must be prepared for any potential challenges and these useful tools can help. 

About this article

Related topics Cybersecurity Private Business Private Client Audit Experience
Upvote