Cybersecurity and the Board

In the past 12 months, we have seen one massive corporate security breach after another. Major retailers (Target, Home Depot, Neiman Marcus, Sony), e-commerce sites (eBay) and financial institutions (JPMorgan) have all been victims. 

Taken individually, digital security breaches serve as a warning for executives and security professionals to remain vigilant. However, when every major breach shares the same telltale strategy, it is a sign that there is something more fundamentally broken in enterprise security that must be addressed. 

There are several important similarities in these attacks, all suggesting that your company’s data security protections need stronger oversight.

Security looks for the first step, but misses the life cycle of an attack. Traditional online security structures attempt to detect and block malicious payloads (either a piece of malware or vulnerability exploit). In a modern attack, the initial compromise is just a means to a much larger end. The vast majority of security technologies are not designed to see the so-called “long con” of an attack. Even though the security industry continues to develop more and more advanced methods of detecting individual pieces of malware, there is still little ability to see the larger attack that follows the initial malware attack. 

There are infinite opportunities for security systems to fail. As computing and business have evolved, the “attackable” areas of enterprises have become nearly impossible to secure. Employees use mobile devices that are routinely outside corporate firewalls. Corporate applications and data are increasingly both inside and outside the perimeter. 

Online security has become incredibly complicated, and corporate directors may not even know the fundamental distinctions between the various types of online intrusions. 

Boards need to understand that they are supposed to be offering oversight on these risks as part of their fiduciary duties. They must ensure that there are internal controls in place to protect their corporation’s cyberassets. The stakes are high; a study found that up to $21 trillion in global assets could be at risk from cybercrime. A solid board structure is needed for monitoring and managing cyberrisk in the company.

To begin, I recommend a series of committee briefings so that “cybersecurity” is demystified and better understood. However, given the complexity and dangers involved, I think the time has come for boards to create dedicated cybersecurity technology committees. 

It is crucial that boards require management to present their policies on cybersecurity and request that management write up their security practices and standards and their protocol for responding to a security breach. Boards should be able to identify the manager responsible by title, and in what time frame he or she is to respond to an intrusion. 

In the event of a cyberbreach, the board should then schedule an update from the security committee on any forensic review. The company may need to disclose any data breach in SEC filings if the breach was material. Your board might be surprised to find out that a court considers failure to disclose a cyberattack as a “material omission,” according to some interpretations of new SEC guidance on disclosure.

Shaping Your CyberBoard

Board action items for cybersecurity:

” Management needs to encourage the board to fully embrace cybersecurity as a governance oversight responsibility. The board needs information and training on cybersecurity issues so they are not seen as too complex or technical, outstripping the board’s ability to exercise oversight. 

” The board should consider whether a change needs to be made in the way cybersecurity oversight is currently handled at the board level. Is there a need for a new security compliance committee? 

” The board may require new candidates with computer security backgrounds in the director nomination process. 

” Given the risk exposure involved, the board should work with the general counsel to determine the extent to which existing directors and officers” insurance coverage provides protection. 

” For the board to exercise effective oversight, directors will need an understanding of what matters are properly reserved to the CIO, what matters require board awareness and what matters require board/committee oversight, action and/or approval.

Boards must get out in front of cybersecurity and create clear policies to proactively address this very real risk. ?

Betsy Atkins is the founder of venture capital firm Baja LLC and former CEO and chairman of Clear Standards Inc. Her current board memberships include Polycom Inc., HD Supply, Darden Restaurants and Schneider Electric SA. Contact her at betsyatkins.wix.com/betsyatkins.

You May Also Like

Surfside luxury condo sees notable sales

Arte at Surfside is making waves. There’s, of course, the news that Ivanka Trump and Jared Kushner are renting at the 16-resident luxury condominium. And there’s the December penthouse sale

Up in the Air: A Discussion

In a dynamic region where residents are typically on the move, everyone is wondering about the health of the airline industry and the safety of airports and airplanes. Everyone is

South Florida Yachting Legend Passes

Robert “Bob” Roscioli, an icon in the South Florida marine industry, has passed away. Many recognize the name Roscioli from the widely-successful and world-renowned Roscioli Yachting Center, a full service

Four key steps

[vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” angled_section=”no” text_align=”left” background_image_as_pattern=”without_pattern”][vc_column width=”2/3″][vc_column_text] What a crazy time we are all experiencing. Right now, getting back to basics is most important. It is not and

Other Posts

Pandemic adds to worries about hurricane season

An above-normal 2020 Atlantic hurricane season is expected, according to forecasters with NOAA’s Climate Prediction Center, a division of the National Weather Service. The outlook predicts a 60% chance of

The difference between leading and managing

[vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” angled_section=”no” text_align=”left” background_image_as_pattern=”without_pattern”][vc_column width=”2/3″][vc_column_text] Leadership and management are often misunderstood as one in the same. They are not. Certainly, a good leader should be able

Flattening the housing curve in a pandemic

By Josh Migdal In the classic film Groundhog Day (and yes, it is a classic), Bill Murray’s character wakes up over and over again in Punxsutawney, Pennsylvania, reliving the same

Putting Hate in its place

[vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” angled_section=”no” text_align=”left” background_image_as_pattern=”without_pattern”][vc_column width=”2/3″][vc_column_text] Photography by Eduardo Schneider There are days, by his own admission, when the seemingly never-ending battles against hate, discrimination and extremism

Drew Limsky

Drew Limsky



Drew Limsky joined Lifestyle Media Group in August 2020 as Editor-in-Chief of South Florida Business & Wealth. His first issue of SFBW, October 2020, heralded a reimagined structure, with new content categories and a slew of fresh visual themes. “As sort of a cross between Forbes and Robb Report, with a dash of GQ and Vogue,” Limsky says, “SFBW reflects South Florida’s increasingly sophisticated and dynamic business and cultural landscape.”

Limsky, an avid traveler, swimmer and film buff who holds a law degree and Ph.D. from New York University, likes to say, “I’m a doctor, but I can’t operate—except on your brand.” He wrote his dissertation on the nonfiction work of Joan Didion. Prior to that, Limsky received his B.A. in English, summa cum laude, from Emory University and earned his M.A. in literature at American University in connection with a Masters Scholar Award fellowship.

Limsky came to SFBW at the apex of a storied career in journalism and publishing that includes six previous lead editorial roles, including for some of the world’s best-known brands. He served as global editor-in-chief of Lexus magazine, founding editor-in-chief of custom lifestyle magazines for Cadillac and Holland America Line, and was the founding editor-in-chief of Modern Luxury Interiors South Florida. He also was the executive editor for B2B magazines for Acura and Honda Financial Services, and he served as travel editor for Conde Nast. Magazines under Limsky’s editorship have garnered more than 75 industry awards.

He has also written for many of the country’s top newspapers and magazines, including The New York Times, Washington Post, Los Angeles Times, Miami Herald, Boston Globe, USA Today, Worth, Robb Report, Afar, Time Out New York, National Geographic Traveler, Men’s Journal, Ritz-Carlton, Elite Traveler, Florida Design, Metropolis and Architectural Digest Mexico. His other clients have included Four Seasons, Acqualina Resort & Residences, Yahoo!, American Airlines, Wynn, Douglas Elliman and Corcoran. As an adjunct assistant professor, Limsky has taught journalism, film and creative writing at the City University of New York, Pace University, American University and other colleges.