Board of Directors

According to a new study from Protiviti, engagement by a company’s board of directors is a critical factor in best managing information security risks.

Overall, engagement and understanding of IT risks at the board level has increased, yet one in five boards still have a low level of comprehension. As the report states, this suggests “their organizations are not doing enough to manage these critical risks or engage the board of directors in a regular and meaningful way.” Further, while large companies do exhibit stronger board-level engagement, it is not a dramatic distinction.

Overall engagement data

Of those companies that have implemented all core security policies—an acceptable use policy, record retention and destruction policy, written information security policy (WISP), data encryption policy, and social media policy—78% have boards with a high or medium level of engagement on information security. Even rudimentary security measures appear to vary with board engagement. Three out of four organizations with engaged boards have a password policy, while just 46% of those with medium or low levels of engagement have this basic provision in place.

IT Security Measures

The study did find two particularly alarming trends, both in companies with and without risk-aware boards. There was a significant increase this year in the number of organizations without a formal, documented crisis response plan to address data breach or cyberattack. Further, a surprising number of companies still do not have core information security policies. “One in three companies do not have a written information security policy (WISP). More than 40% lack a data encryption policy. One in four do not have acceptable use or record retention/destruction policies. These are critical gaps in data governance and management, and ones that carry considerable legal implications,” the report states. “On the other hand, organizations with all of these key data policies in place have far more robust IT security environments and capabilities.”

 

{ 0 comments }

There are a number of reasons organizations need to be paying attention to their employees’ travel risks, including health scares, natural disasters and political unrest. Since unpredictable events like these are now a global reality, many businesses are taking a hard look at business travel risks and ways they can protect their employees abroad.

In fact, 80% of travelers believe their companies have a legal obligation to protect them abroad, according to On Call International LLC’s report, “Travel Risk Management.” This means employees may blame their organization if their health or safety is compromised during a business trip. Because so much is at stake for companies that send staff members across the globe, it is important for employers to understand business travel risks and implement a travel risk management strategy to protect their workforce—and their company.

The study notes that companies need to be prepared to respond quickly and effectively to any travel-related incident. Responses should also put the needs of the employee first. Companies need to anticipate the risks and prevent them from occurring–or at least limit their potential impact.

The infographic below looks at business travel risks and why it is essential for companies to protect their employees.

 

 

 

 

 

{ 0 comments }

Are companies prepared for skyrocketing energy costs to combat extreme heat? Can farmers handle average crop losses of up to 73%? Should businesses invest in oceanfront property that is virtually guaranteed to flood? Because of climate change, these are just some of the crucial questions the United States will face before the end of the century, according to “Risky Business: The Economic Risks of Climate Change in the United States,” a report co-chaired by business experts Michael R. Bloomberg, Henry Paulson and Tom Steyer. The report quantifies and publicizes the economic risks posed by a changing climate. While climate change can be a politicized topic, there is little controversy that the phenomenon presents a great deal of risk to everyone, from individuals to institutions.

Decision-makers already use risk analysis to address uncertain situations, routinely evaluating potential threats and challenges such as bad investments or schedule delays. The report adds climate change to the risks that all decision-makers should account for. Robert E. Rubin, co-chair of the Council on Foreign Relations and member of the report’s risk committee, said, “Companies should disclose both their potential exposure to climate risk, and the potential costs they may someday be required to absorb to address carbon emissions.”

The report uses risk analysis, Monte Carlo simulation (MCS) and models to illustrate how different regions are likely to be affected by climate change. The project’s simulation also analyzes efforts to mitigate climate change, showing a changed distribution of probabilities if those efforts are made in the coming years. “As there a very high number of permutations and combinations of weather events, it would be very difficult to analyze these meaningfully using an averaged or deterministic approach,” said Robert Kinghorn, associate director at the consulting firm KPMG Australia. “MCS overcomes this by allowing thousands of possible combinations of extreme weather events to be analyzed.”

MCS can illustrate the potential costs if no adaptation takes place, or if adaptation is employed. The “Risky Business” report demonstrates that ignoring climate change risks will lead to disaster, while taking steps now will have a big impact. Luckily we have tools to face these challenges.

Many forward-thinking business and communities have already applied MCS to climate change risk analysis. For example, AECOM, a professional technical and management support company, used MCS software and optimization techniques to evaluate the risk and costs of climate-change-related flooding of the Narrabeen Lagoon near Sydney, Australia.

AECOM was asked by the Australian Federal Government to conduct an economic analysis of climate change impacts on infrastructure. When the Narrabeen lagoon’s entrance is blocked, it can fill like a bathtub, flooding the surrounding land and houses. The community can tackle this problem in various ways—such as a lagoon entrance opening, levee construction, flood awareness and planning controls. Because climate change is expected to increase flooding in the Narrabeen catchment over the coming century, decision-makers needed a clearer understanding of the different possible adaptation measures.

“The objective of the study was to use an economic cost-benefit analysis to identify both what measures government should invest in to prevent the impacts from flood events and when they should invest,” said Kinghorn, who, along with his KPMG colleague Lisa Crowley, developed, designed and ran the project as previous employees of AECOM.

Kinghorn and Crowley estimated the social benefits of adaptation to climate change in terms of willingness to pay, rather than just costs avoided. Using MCS, they generated more realistic probabilities of overall costs and benefits, and modeling the expected future values of variables such as rainfall.

As the report states, even modest global emission reductions can avoid up to 80% of projected economic costs resulting from increased heat-related mortality and energy demand. While many companies may be resistant to change, the report makes an undeniable case; we cannot afford to ignore the momentous climate risks that threaten our near- and long-term future. “Responding to climate change is no longer a problem without a solution, said Crowley. ”It is not a question of do I need to respond, but how do I respond. An effective response to climate change is possible. The complex set of climate change data can be processed through a cost benefit analysis using MCS, producing a set of economic indicators to inform a more meaningful decision-making process on how and when to respond.”

{ 0 comments }

Over the past 40 years, tidal flooding has quadrupled in many low-lying areas, but that change is accelerating due to sea level rising. According to a new study, even moderate rising could as much as triple coastal flooding events in many communities in the next 15 years. Based on even moderate projections for sea level rise from the 2014 National Climate Assessment, the Union of Concerned Scientists’ study “Encroaching Tides” calls attention to the threat of routine tidal flooding to much of the East and Gulf Coasts. As opposed to storm surges, tidal flooding occurs far more regularly, bringing water above the base sea level during routine tide patterns or, for example, twice a month due to the moon’s increased gravitational pull.

With anticipated sea level rise, even daily tides may flood many areas, according to the report. As the base sea level changes, deviations take on new meanings–which can have drastic implications for property.

Flood Levels

Further, as sea levels continue to rise, tidal flooding events will become notably more extensive, with accompanying increases in disruptions and damage. As illustrated below, even minor flooding events will impact larger regions, and putting more property on the front line of regular flooding.

Moderate Miami Flooding

The duration of these events will also increase, potentially straining existing public infrastructure, demanding more emergency assistance, and leading to regular business interruption. Flood-prone areas in five of the 52 mid-Atlantic communities studied could be inundated more than 10% of the time, for example. In all of the communities studied, the number of tidal flooding incidents increased dramatically in projections for 2030 and 2045.

Tidal Flooding Chart

{ 0 comments }