Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Ellie Smith
June 14 — Over half of information technology and security executives, such as chief information security officers, will lose their jobs due to inadequate cybersecurity reporting, according to a Bay Dynamics report released June 14.
The report highlights the communication breakdown between IT executives and boards. Even though board members of large companies have begun to understand cybersecurity risks and are training themselves to improve their knowledge, the information provided may be too technical for some to understand, the report from the New York-based cybersecurity risk consulting company said.
For example, 97 percent of board members surveyed said they know exactly what to do or have a good idea of what to do with the cybersecurity information they are presented, but only 40 percent of IT and security executives believe the information they provide to the board is actionable, the report said.
Boards of major companies have added sessions to meetings about cybersecurity, and members have found ways to educate themselves on the topic, Mitchell Silber, Senior Managing Director of FTI Consulting, told Bloomberg BNA. Dealing with cybersecurity is an “evolving process” for large companies, as technology changes faster than companies can keep up with it, he said.
“In this day and age, board members realize” that cybersecurity issues “have fiscal implications,” Silber said.
Steven L. Caponi, a corporate and intellectual property partner at K&L Gates in Wilmington, Del., told Bloomberg BNA that class action data breach litigation will push boards to create in-depth cybersecurity strategies in the next two to five years, if they have not already.
With the communication discrepancy between boards and IT executives, there is room for improvement in the oft rocky relationship.
Companies must take into account the potentially substantial cost of replacing high-level IT and security officials or of investing in a stronger cybersecurity risk communication flow.
Directors may be viewing cybersecurity issues through the wrong lens.
Caponi said that boards assume cybersecurity is a technology issue, even though they should approach it as a separate security topic. This misclassification can lead to a communication breakdown with IT and security executives, he said.
“If it’s being treated as a technology problem, when the presentations are made, they're heavy with technology terminology. If you aren’t familiar with those terms, you gloss over,” Caponi said.
Board members are often focused on making information accessible within a company, but cybersecurity is about restricting access to information, he said. Directors will have to “bend the curve in the other direction” to take action on cybersecurity measures, Caponi said.
Peter Gleason, president of the National Association of Corporate Directors, told Bloomberg BNA that to combat the technology knowledge gap boards of some companies are adding members with experience in data security.
Although technology-related businesses already have board members with network security backgrounds, all companies today need to understand cybersecurity risks, Gleason said. Employees with this background may help companies adjust to the particular cybersecurity challenges they face, he said.
“Everything has to be adapted to that company and the situation that it is in,” Gleason said.
If companies don't have cybersecurity-fluent board members, the IT and security executives who report to the board must “keep them abreast” on network security risks with clear presentations, Gleason said.
Ryan Stolte, chief technology officer at Bay Dynamics, said that although companies are “headed in the right direction” in dealing with cybersecurity risks, they should set cybersecurity standards.
“Companies need an objective, industry standard model for measuring cybersecurity risks so that everyone is following the same playbook and making decisions based on the same set of requirements,” he said.
To contact the reporter on this story: Ellie Smith in Washington at email@example.com
To contact the editor responsible for this story: Daniel R. Stoller at firstname.lastname@example.org
The Bay Dynamics June 14 report is available at http://src.bna.com/fRT.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)