Cyber and Emerging Boardroom Risks
In 1955, the famous author Issac Asimov wrote a book titled ‘Risk’. The book was about how robots were needed to take on a dangerous experiment to safe guard humans. But as the story progressed, the team realized that the ill-programmed robot had put the mission at risk, and finally a human intervention became a must to save the mission.
Snap back to today! Digitization, Automation, Artificial Intelligence (AI) and Machine Learning are a few of the buzz words we all are hearing with the hope that they will lead to a better planet someday. And like in Asimov’s story, though the mission is progressive, the biggest risk in all of these is not the machine itself, but the humans programming the machine.
Cybercrime represents the dark side of digitization, and is the mastermind of extremely smart individuals. In today’s day and age, that’s where the board has a major role to play. We need smarter humans to deal with smart humans!
The role of the board has changed over the past 5 years:
1. While it is the management’s job to handle the day-to-day running of the business, the role of the board has moved from being 90 percent fiduciary (focusing on accounts and audits) to 75 percent strategy and risk management.
2. Off all the risks that the board oversees, Cyber Security has emerged as a central theme across all large and mid-sized corporations.
3. The board of today is not only focused on mitigation strategies, but also strategies to cover the liability arising from this menace.
4. Apart from the Intellectual Property (IP), data (personal or corporate) loss, the board is equally focused on preventing reputational damage to the brand.
Reputation is one of the most valuable and fragile assets of an organization—according to a study by World Economics. On an average, approximately 25 percent of a company’s market value is directly attributable to its reputation. A good reputation built through years of dedicated effort can be destroyed almost overnight, especially in today’s world where an organization’s customers, operations, supply chains, and internal and external stakeholders are scattered globally and connected via technology.
The advent of new technologies and an ecosystem of digital interconnectedness significantly increase an organization’s exposure to cyber theft. As a result, cyber and reputation risks have become top concerns for all boards and organizations.
It is prior knowledge that it is only a matter of time before every organization is hacked. With Cybercrime now available as a service, anyone can ask for a company to be attacked or themselves become a hacker just by watching online videos. Anyone can buy exploit kits from the dark web, pay with bitcoins, and to top it all, the customer service across these channels is actually better than most service providers!
The window for responding is very narrow and organizations have to very quickly demonstrate that they have taken control of the situation if they are to protect their reputation. Yet only 7% of organizations claim to have a robust incident response program that includes third parties and law enforcement and is integrated with their broader threat and vulnerability management function. The emphasis for boards now includes making sure that critical security infrastructure is in place, enhancing crisis response and strategies that emphasizes a good balance of preventive and responsive tactics.
Technology is making boundaries between industries more porous and people are spending more time on the internet than on any other media, providing opportunities for attacker models. While understanding the future impact of technologies is the management’s responsibility, boards should ask management for their perspectives on how the organization is handling the strategic risks related to technology and digital disruption today.
Some organizations are creating new technology forums, building the expertise of corporate directors, and strengthening IT governance— all with the aim of allowing boards to guide management by asking the right questions about technology and its impact.
In summary as, Ravi Venkatesan, Chairman of Bank of Baroda and former Chairman, Microsoft India, said in his recent blog, “The world is at the beginning of a revolution where there are huge advances in genomics, artificial intelligence, materials, and manufacturing technologies. Machines are closing in on human ability with astonishing speed. Robots are replacing humans not just on factory floors but also in homes too. Reusable rockets promise to make space travel, and colonies on Mars and the moon a reality. Possibly in our own lifetime we will reach a point called “Singularity” where machines become as smart as humans and then keep getting smarter. We will soon be able to edit genes to create favourable traits and new life forms. Science fiction is giving way to reality.”
Though I am very optimistic about our connected future, the question we need to ask, “Are the board’s asking all the right questions and are we as organizations ready to deal with the risks arising from this revolution?”