Cybersecurity is a Governance and Risk Management Issue

In the face of numerous major data breaches with significant financial losses to companies, executives and corporate boards are now treating cybersecurity as a governance and risk management issue. This means treating cybersecruity the same as other risks, like safety, by examining it carefully and responding appropriately.

The first step is understanding the nature of the data at risk. Consider how it’s used, who uses it, who sees and manages it, how it is stored, and understand that the precise risk may be in large part related to the particular business the company is in.

Once the data is known, be clear on who is charged with protecting it. At public companies, cybersecurity must be a recurring item on the board agenda. Having a board that’s knowledgeable and engaged regarding cybersecurity will help set the tone and instill a culture of accountability.

If third parties share data that you collect, create and vet contracts to confirm those parties have acceptable protections in place. This can make the difference in avoiding liability. Engage knowledgeable counsel in drafting contracts. Have a forensic plan in place to resolve a breach, and a business continuity plan that includes a crisis management professional who is ready to handle the fallout with customers.

There is no magic bullet to prevent data breaches, but good governance and risk management practices will help limit them, and where a breach occurs will help the company survive the aftermath.