Increased Cybersecurity Risks Are a Threat to Corporate Governance
Although common risks such as those involving a company’s finances or compliance are prevalent, cybersecurity risks must also be considered in making key business decisions.
Technology evolves daily, and so do the risks associated with it. According to Accenture’s latest State of Cybersecurity Resilience report, surveyed businesses experienced an average of 270 attacks in 2021, a 31% increase compared to 2020. Successful attacks also increased.
This growth is the result of many factors, including rapid innovation. According to Gartner, attack surface expansion is a risk affecting many businesses across the globe.
Enhanced Risk: Remote Work
One of the key drivers of attack surface expansion is the rise of remote work. Home and mobile devices are now being used for business purposes, and employees connect to outside networks without knowing whether they’re secure. On top of that, sensitive or confidential materials are often sent in emails or text messages using unsecured devices and unsecured networks.
Unfortunately, many businesses were unprepared for the switch to remote-based work, resulting in increased attacks. Outdated security policies and a lack of employee security awareness are two of the factors to blame.
These factors lead back to a lack of focus on cyber risks within corporate governance.
How Cybersecurity Affects Corporate Governance
Cybersecurity should be a top priority within any governance strategy. After all, cyber risks affect nearly every aspect of corporate governance. Of course, the most obvious impact is within the company’s security posture. However, other effects exist within crucial areas of governance that must be addressed.
For example, cyber-attacks directly impact a company’s finances, which are at the heart of corporate governance. According to IBM’s Cost of a Data Breach report, the average cost of a data breach increased by 2.6%, from $4.24 million in 2021 to $4.35 million in 2022. This is also an increase of 12.7% when compared to 2020.
Other intangible costs are also involved, such as impaired business reputation with consumers and investors. These intangible and financial losses can potentially be detrimental to many organizations, especially SMBs.
Another key area of impact is business operations. Standard cyber-attack methods, such as the use of malware, can completely disrupt a company’s operations. The resulting downtime can lead to many consequences, such as a loss of revenue and negative customer experiences.
These impacts can be combated by prioritizing cybersecurity within corporate governance strategies. Boards must take the time to understand and define organizational cyber risks and their potential impact.
They must also consider cybersecurity when making critical business decisions and ensure adequate resources are available to mitigate risks, from software tools to employee training.
The Bottom Line: Cybersecurity Is More Than a Tech Issue
Cybersecurity is often viewed as a tech-specific issue that is best handled by the CTO and others responsible for managing a company’s technology. This is a dangerous misconception—cybersecurity is a company-wide risk management issue and must have a place within the boardroom.
Doug R. Griess, J. Aaron Atkinson, and John T. Snow of Hackstaff Snow Atkinson & Griess, LLC are top Denver business attorneys with expertise spanning various industries. Specializing in business law, litigation, intellectual property, tax law, and dispute resolution, the firm offers an in-depth understanding and knowledge of general corporate rules and regulations and is a trusted resource for business owners throughout Colorado.