English
Specials
    Go Ad-Free
    My Alerts
    Moneycontrol
    Moneycontrol PRO
    HomeNewsTechnologyRecognising cyber risks in the boardroom

    Recognising cyber risks in the boardroom

    Over the last few years, there has been an increase in incidents of cybersecurity breaches with the increase in economic activities.

    December 04, 2018 / 20:19 IST

    By  Anand Venkatraman 

    The Kotak Committee Report on Corporate Governance requires organisations to enhance the scope and periodicity of their core board committees to specifically internalise the process of identifying cyber risks.

    Additionally, it now requires the top 500 companies to look into this as a mandate, and calls for an emphasis on cybersecurity concerns as part of the risk management committee review. In its recent circular addressing the banks, the Reserve Bank of India (RBI) has mandated awareness training programmes for the top management and board of directors to familiarise them with relevant cybersecurity concepts.

    The changes in regulatory requirements demonstrate the active interest of
    regulators to ensure the management of cyber risks across business ecosystem, and underline the importance of cybersecurity in the board room discussions.

    Over the last few years, there has been an increase in incidents of cybersecurity breaches with the increase in economic activities. The tangible impacts of a cybersecurity incident includes both financial and reputational damages such as stolen funds, data, damaged systems, regulatory fines and legal fees, loss of competitive edge, business partners and customer trusts.

    Related stories

    Given that the stakes are high, strengthening Cyber Security capabilities has become the top most priority for many organizations and their stakeholders today.

    Though everyone plays an important role in retaining the status of cybersecurity in the organisations, the members of the board have a critical role to play from a governance perspective.

    The underlying question here is – What are the roles and responsibilities of the board members in ensuring effective management of cyber risks?

    While the internal audit teams, and the statutory auditors work towards incorporating cybersecurity as one of key reporting areas, the board and the top management should be more proactive in identifying and managing the risks associated with cybersecurity.

    The starting point for this is to incorporate cybersecurity as a key element of enterprise risk management framework.

    To manage the cybersecurity risks, organizations (board and management) should ask themselves the following key questions:

    - Ownership: Is there a proper ownership for Cyber Security risks within the organisation?
    - Right Talent: Have we built the right skills, experience and talent, accountable for Cyber
    Security within the organization?
    - Resources: Are we making the right investments in Cyber Security technologies and how
    are we measuring the effectiveness?
    - Organisational Culture: Do we have a cyber-focused mindset and cyber-conscious culture across the organisation?
    - Third Party Risks: What have we done to protect the organisation against third-party cyber risks?
    - Measurements: How efficient and effective is our cyber risk program?
    - Strategic: Is our cyber risk program aligned with business, is agile and future ready?

    There are multiple frameworks and standards available today that might help boards and management answer some of these questions.

    However, it is responsibility of the board to ensure such framework or standard is adopted and implemented within the organisation. Boards should also look to identify the crown jewels of the organisation that is critical to the business and ensure those crown jewels are protected appropriately against cyber threats.

    Amidst the fourth industrial revolution with technology breakthroughs in fields such as artificial intelligence, robotics, quantum computing, additive manufacturing etc., are leading to integration of physical, digital and biological realms.

    This new integrated ecosystem is not only enriching human life but also increasing the cyber security risks. Organisations must upgrade their abilities to manage cybersecurity risks to ensure their transformation in this fourth industrial revolution is sustainable in the long-term.

    Thus, it is imperative that the board and top management of organisations evaluate cyber risks strategically to ensure long-term sustainability.

    (The author is Partner, Deloitte India)

    Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

    first published: Dec 4, 2018 08:19 pm

    Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

    Subscribe to Tech Newsletters

    • On Saturdays

      Find the best of Al News in one place, specially curated for you every weekend.

    • Daily-Weekdays

      Stay on top of the latest tech trends and biggest startup news.

    Advisory Alert: It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347