Cybersecurity now tops boardroom concerns


If data security and privacy aren't front and center on your radar, they better get there quick. A new study finds that data security is now the number one concern in the corporate boardroom.

FTI Consulting has just released its Law in the Boardroom Study, and shared highlights of the study in an email to FierceCIO. Nearly 500 directors and general counsel participated in the study.

"Data security topped both directors' and general counsels' lists of worries, outranking 2013's top concern of succession and leadership transition," FTI Consulting said. "As hackers get better at their exploits, corporate security is failing to keep up, resulting in the main thing keeping directors up at night."

Results of the study were also summarized this week in the FTI Journal, in an article entitled "Managing Cyber Risk: Job #1 for Directors and General Counsel." The study was conducted with New York Stock Exchange Governance Services, and led by Tom Brown, senior managing director and Neal Hochberg, global practice leader of forensic and litigation counseling, both at FTI Consulting.

"The risks that come along with the digitation of business (and everything else) are multiplying, as are the costs of protecting against and remediating the impact of cyber-attacks and data breaches," the study says. "This year, information technology cyber risk oversight was chosen by 41 percent of directors and 33 percent of general counsel as an issue upon which they will spend significant time, appreciably more than last year's 28 percent for directors and 27 percent for general counsel."

The report also cites data from the Ponemon Institute's 2013 Cost of Cyber Crime Study: United States, which reported that the average annualized cost of cybercrime in 2013 was $11.6 million per company studied, with a range from $1.3 million to $58 million. To put that in context, the average annualized cost in 2012 was $8.9 million.

"This 2013 cost figure represents a 30 percent increase over 2012--little wonder that cyber risk has risen to the top of what keeps directors up at night," the report says.

The bad news for CIOs is that not only do an increasing number of directors and general counsel worry about the rising level of cybercrime, they also worry about IT's ability to defend against it.

"Indeed, 34 percent of general counsel and 27 percent of directors are not convinced their company is secure from hackers," the report states. "What may be even more troubling is that a quarter of both directors and general counsel surveyed believed their company is secure despite the fact that the Ponemon study found that the 60 U.S. companies it surveyed reported two successful attacks per company per week, an increase of nearly 20 percent over 2012's rate."

Reflecting on the research results, Brown noted that "Cyber risk's pervasive nature presents an existential threat to the operation, reputation and bottom line of virtually every company, regardless of industry. The priority that board members and general counsel place on cyber security and data protection not only reflects this reality but is entirely in line with our experience assisting clients to address this threat."

For more:
- check out the "Law in the Boardroom Study" report
- read the "Managing Cyber Risk" article

Related Articles:
Senate panel okays cyber information sharing bill [FierceITSecurity]
Corporate boards scrutinize cybersecurity efforts [FierceITSecurity]
Study details most needed IT security skills