Cyber attacks on businesses are now weekly news as breaches of data are announced regularly. However, until recently many corporate executives did not understand or share the view of the importance of addressing Digital Risk at the Board level. The Board's role in understanding and monitoring digital and cyber risk has been highlighted by a multitude of lawsuits alleging Boards were asleep at the switch in the face of a known danger.
Executives and Boards at all companies, especially public companies, face mounting pressure to consider what a worst-case cyber event would look like and how that event would be handled. What corporate governance structures would kick in? What will the legal fallout be, whether it is privacy litigation, shareholder suits or criminal investigations? To fully grasp the magnitude of such risk, Boards must address specific questions and implement effective policies that protect their customers, their organizations and themselves. In some states and countries, Board members may be personally liable for cybersecurity gaps, and experts foresee that personal liability will only accelerate.
Board of Director members are responsible for ensuring the corporation is managed in the shareholders’ best interest including:
To demonstrate that a Board has properly discharged its duties, it must work with management to ensure proper teams have organized plans to prevent and respond to any breaches. Therefore, a company must constantly assess cyber risk trends and threats. Just because nothing appears to be happening on a daily, weekly, monthly or annual basis, does not mean an incident may not occur.
The business judgment rule is a legal principle protecting officers, directors, managers and other agents of a corporation from liability for loss incurred as a result of business decisions that are within their authority and power to make when sufficient evidence demonstrates that the transactions were made in good faith. To ensure protection under the business judgment rule, it is wise to have regular presentations for pertinent committees to provide updates on trends and threats, and to ensure that your security IT practices are up to date.
The right answer does not start with a dollar figure; instead, companies should work through a Digital Risk management process. As a publicly listed company, you can no longer take an ad hoc approach, basing your budgeting decisions on trial and error, or reacting to problems as they arise instead of proactively approaching a security framework. This process is monitored and repeated across both internal networks and the external environment, where your assets may have leaked through malicious actions or may be unintentionally lying in the open, and shortcomings are addressed over time. This simple yet time-consuming process is undertaken not only by large public companies but also by midmarket and small businesses, which face the same cyber risks but typically with fewer IT security resources. With cybercrime advancing at unprecedented levels, companies must proactively implement a security risk management framework, develop technology internally, hire or outsource security professionals commensurate with their risk, train all employees on security awareness, and have a real-time incident response playbook that balances digital threat intelligence and risk mitigation.