The next focus for boards on cyber security: cyber mitigation.

As boards become more mature in understanding cyber risk, they will be compelled to get more involved in cyber-mitigation to ensure comprehensive mitigation plans are in place. This post explores two emerging key mitigation measures: cyber resiliency and cyber liability insurance coverage. Do you have a clear understanding of your cyber mitigation plan?

https://www.linkedin.com/pulse/next-focus-boards-cyber-security-mitigation-josee-morin?published=t

Cyber Threats require a new governance model

A very interesting opinion by the NACD argues that cyber threats are as complex, require as much expertise and attention, and have as large an impact as financial risks. Just as financial risks require an audit committee, cyber risks warrant the creation of a separate committee of the board, of which the CISO is a member and which can receive support from outside advisors, to ensure the board adequately meets its oversight responsibilities. What do you think?

http://boardleadership.nacdonline.org/rs/815-YTL-682/images/The%20Director%27s%20Chair.pdf?mkt_tok=3RkMMJWWfF9wsRonsqnPZKXonjHpfsX57%2BsvWKG%2BlMI%2F0ER3fOvrPUfGjI4DScFlI%2BSLDwEYGJlv6SgFQrHAMbl01rgLUxM%3D

Seven steps to enhance cybersecurity for insurance companies that can be used by all corporate directors

This article, centered on the insurance industry, describes 7 steps to follow to improve cybersecurity programs: enhance management oversight of cybersecurity, identify critical business processes and assets, provide oversight for third-party relationships, improve incident response processes, integrate and align enterprise risk management (“ERM”), evaluate the second line of defense (i.e., the compliance department), and establish a cybersecurity training and awareness program. These guidelines apply to all types of companies and can be used by directors to make certain they ask questions on all key activities related to cybersecurity.

http://corpgov.law.harvard.edu/2015/09/26/cybersecurity-enter-insurance-regulators/

Boards must pro-actively support the development of a cyber-breach response plan

The preparation of a cyber-breach response plan is a key component of the risk mitigation plan. It should include constituting a multi-disciplinary response team, gathering all documents related to incident response, reviewing legislation and finally building the plan, which includes post-breach communication.

The cyber-breach response plan must be carefully planned and action-oriented, and it should clearly define the roles and responsibilities in executing the plan. To be efficient, it has to be revisited regularly as company strategies and the assets to protect change.

http://www.baselinemag.com/security/why-you-need-a-cyber-security-breach-response-plan.html#sthash.4hYJJwdS.dpuf

Is the board getting the real measure of cybersecurity risks?

After reading these troubling survey results on risk and compliance regarding how well confidential data is protected, it is difficult to believe that a first-ever cybersecurity report by AT&T (http://www.business.att.com/content/src/csi/decodingtheadversary.pdf) found 75% of companies don’t involve their full boards in cybersecurity oversight, saying it is an IT issue and not a core business concern. Do you, as a corporate director, feel cybersecurity is not a core business concern?

http://blogs.wsj.com/riskandcompliance/2015/10/02/survey-roundup-a-critical-look-at-board-debate/?mod=djemRiskCompliance

Josée Morin is a 2015 Diversity 50 nominee

I had the pleasure of being selected by the Canadian Board Diversity Council as a 2015 Diversity 50 nominee. The CBDC identifies qualified, diverse candidates for corporate board of director appointments and creates the definitive resource of diverse, board-ready corporate leaders. This prestigious appointment confirms my corporate leadership and helps expand my network across Canada. I will be in Toronto on October 15th for the Diversity 50 launch event; contact me if you would like to meet me there. I encourage all corporate directors who represent diversity to apply to the 2016 call for nominations that will open in the spring of 2016. https://www.boarddiversity.ca/diversity-50

Changes in the CIO role are impacting board dynamics

The role of the CIO is changing as IT becomes ingrained in the business value proposition. The dynamics of the board will also change, as more significant strategic discussions will involve not only the CEO and the CFO, but the CIO as well. Board members will have to become better versed in IT-related discussions, and the board will have to be more diverse and include people with stronger digital backgrounds.

http://www.cio.com/article/2953266/cio-role/cio-these-3-data-points-are-transforming-your-role.html?es_c=27085&es_t=1438376074

Five ways the Internet of Things (IoT) is impacting your role as a corporate director

In this recent article, you will understand how and why the IoT is impacting your role as a corporate director, even if you are on the board of a more traditional business. This will alert you to the fact that you need to start understanding how IoT is enabling new business models and technologies and that you need to stay abreast of its development to participate in your oversight role.

https://www.linkedin.com/pulse/how-internet-things-impacting-your-role-corporate-director-morin?trk=prof-post

The Need to Use Digital Tools and Services

The only way for a board to understand digitalization is to use digital tools and services. This very interesting example from Finland demonstrates the role of the board in being ahead of new trends and technologies to set the tone on the need to innovate. It also shows the high price to pay if the board does not. It is also one more reason in favor of diversity on the board, in this case to include forward-thinking individuals. Its conclusion is: make certain your board tweets. Do you agree?

https://www.linkedin.com/pulse/board-never-tweeted-tuomo-virkkunen?trk=prof-post

CEOs that regularly use social media can help lower risks

Only 10% of Fortune 50 CEOs regularly tweet. The most important reason for a CEO to actively use social media is that it helps to share the company values with all stakeholders and to influence culture from the top down. It will also ensure that social media, where many of their customers spend part of their lives, becomes part of the culture. And a CEO that really understands and influences his company culture will help lower risks. Here are 5 more reasons CEOs should do it. Do you think that, for the same reasons, corporate directors should also be involved in social media?

http://sabguthrie.info/2015/07/30/5-reasons-ceos-should-be-social-leaders/

Why strategy also matters in digital businesses

This report shows that strategy, not technology, is the key driver of success in the digital arena. And the strategy needs to be supported by leaders who foster a culture able to change and invent the new. But more interestingly, it highlights that risk taking is becoming a cultural norm in business in the digital age. This is impacting corporate directors in their strategic oversight and risk management roles.

http://sloanreview.mit.edu/projects/strategy-drives-digital-transformation/?utm_source=twitter&utm_medium=social&utm_campaign=dlrpt15

Women Get on Board - Toronto, June 10, 2015

I am speaking on a panel at Women Get on Board in Toronto on June 10th, 2015

I will have the pleasure of speaking at a WGOB event on June 10th at the Varity Club on the topic of networking. As you know, being networked and maintaining your contacts is something I value. I will give advice and opinion on how and why corporate directors have to stay connected to a diversity of individuals and businesses. Please join us and hear me speak if you are in Toronto on that day.