Even in today’s day and age, data security issues are sometimes (much too often, in fact) shuffled aside by C-suite executives who are stuck believing that network security is a concern for the IT department, not those who run the company on a day-to-day basis.
But last quarter’s revelation that the disclosure of two massive Yahoo data breaches in 2016 knocked $350 million off Yahoo’s several-billion-dollar acquisition by Verizon reminds us that cybersecurity remains as much a priority for a company’s Chief Executive Officer as it is for anyone else. Just like a failed product launch or increasing costs of production, the bottom line is that deficient cybersecurity affects, well, your bottom line.
Against the backdrop of their common-law fiduciary obligations, company board members already oversee the establishment of appropriate risk management programs. Whatever the risks are, boards are tasked with assessing and managing them for the benefit of the company and its shareholders. In this regard, cyber risk is no exception.
So how exactly does the topic get integrated into boardroom discussions? Proactively. After all, the last thing you want is a board hearing about cybersecurity for the first time in the wake of a data breach, regardless of size. A good start is to involve the board in the preparation (and regular review) of a data incident response plan, which should identify key team members (including at least one member of the board and not just the Chief Information Officer) who will spring into action to help identify, remediate, respond to and recover from a breach.
For any CEO still questioning whether to introduce cyber issues to the balance of the board, the proof is in the pudding. According to the Ponemon Institute’s 2016 Cost of Data Breach Study for the United States, board-level involvement reduces response costs in the amount of nearly $7 for each lost or stolen record containing personally identifiable information. With breaches affecting tens of thousands or hundreds of thousands of individuals becoming the norm, those savings matter. Just ask Yahoo. While its breaches (which affected more than one billion users) didn’t sink its deal with Verizon, they sure did take a bite out of it.