
Risk Management, Board Collaboration Can Bolster Cyber Defense

Risk management executives are charged with preparing companies for, and protecting them from, a broad array of emerging risks. Today, there is perhaps no threat that poses more danger than a cyberattack that results in a data breach or the compromise of sensitive information. Given the rapid increase in the frequency and severity of high-profile cyberattacks in recent months, organizations must confront cybersecurity with greater focus, specificity and commitment.

Of note, 43% of U.S. companies experienced a data breach in the past year, according to the Ponemon Institute’s 2014 annual study on data breach preparedness, up 10 percentage points from 2013. These alarming trends are compelling companies to create programs centered on cyber risk awareness, education and preparedness. These programs are vital to the company’s performance and growth: the 2014 Cost of Data Breach Study by IBM and the Ponemon Institute found that the average cost of a data breach to a company was about $3.5 million in 2014, a 15% increase over the previous year. A company’s intellectual property and customer data may also be compromised in a cyberattack, extending the potential damage beyond direct financial losses.

Risk management executives cannot confront this issue alone. The responsibilities of management and boards of directors are not limited to having a thorough understanding of cybersecurity issues; they must also be aligned on a clear-cut strategy for both preventing and responding to cyberattacks. This strategy includes efforts to improve education, to implement preparation measures before an attack strikes, and to adhere to best practices in all board-related activities.

Awareness and Education

At the most fundamental level, boardrooms must increase the company’s resiliency in the face of cybersecurity threats by increasing awareness of the topic and the associated risks. Unfortunately, boardrooms are struggling to properly educate directors on the topic: a 2012 Carnegie Mellon survey of how U.S. boards are managing cyber risks found that 71% rarely or never review privacy and security budgets, 80% rarely or never review roles and responsibilities, and nearly two-thirds rarely or never review top-level policies. Additionally, more than half of the directors surveyed rarely review security program assessments. Every director should make cybersecurity a standing topic on the board’s agenda and ask questions wherever there is confusion or doubt.

Preparation

Directors who are properly aware of and educated on cybersecurity are better prepared in the event of a crisis, not only as individuals but as a collective management team. Given the potential economic consequences of these attacks, it is essential that the board is aligned on the company’s response strategy. It is critical that there be a clear understanding at all levels of the management team about who is responsible for managing this issue. Directors who are familiar with their company’s IT department are better able to judge whether the team is equipped to address cybersecurity effectively. Cyber policies must be kept up to date and understood by all in order to reduce the chances of exposure.

Best Practices

A critical part of boardroom preparedness is ensuring that directors are pursuing best practices to decrease the chances of exposure and thereby increase resiliency. There are several practices companies can adopt to reach this level of preparation:

  • Education and preparation: Board members must be educated on cybersecurity and its risks so that they are prepared to manage any situation or crisis. Oftentimes, companies increase their vulnerability by failing to provide directors with the proper tools and information.
  • Secure communication: Companies must provide board members with a secure way to share and discuss critically sensitive information. To prevent careless oversharing, this information should never be sent via email. Board members must also understand the risks of consumer cloud file-sharing services. Although these services provide an easy way to upload and download files, many have been successfully attacked, compromising private files and email addresses.
  • Collaborate and strategize: When directors have a clear understanding of cybersecurity and the associated risks, they are better equipped to collaborate and strategize around managing any cybersecurity-related issue. With increased board-level conversation about cybersecurity, directors are able to determine whether managing cybersecurity is the purview of the audit committee, a separate committee, the company’s IT department or the CIO.

Education, awareness and preparedness are critical components in mitigating the vulnerability to, and risks of, cyberattacks. Boardrooms must be open to embracing new strategies and technologies in order to ensure that their communication channels are secure while remaining fast and accessible. Organizations need to prioritize cybersecurity training to ensure that boards are acting in the company’s best interest and are confident in its cyber crisis response strategy. Although risk has been an evolving factor affecting businesses of all types and sizes throughout history, cybersecurity presents a new challenge, and it is one that can be confronted successfully with the correct management strategy and tools.

Engaged Boards Lead to Better Information Security Practices


According to a new study from Protiviti, engagement by a company’s board of directors is a critical factor in best managing information security risks.

Overall, engagement with and understanding of IT risks at the board level has increased, yet one in five boards still has a low level of comprehension. As the report states, this suggests “their organizations are not doing enough to manage these critical risks or engage the board of directors in a regular and meaningful way.” Further, while large companies do exhibit stronger board-level engagement, the difference is not dramatic.

Overall engagement data

Of those companies that have implemented all core security policies—an acceptable use policy, record retention and destruction policy, written information security policy (WISP), data encryption policy, and social media policy—78% have boards with a high or medium level of engagement on information security. Even rudimentary security measures appear to vary with board engagement. Three out of four organizations with engaged boards have a password policy, while just 46% of those with medium or low levels of engagement have this basic provision in place.

IT Security Measures

The study did find two particularly alarming trends, in companies both with and without risk-aware boards. There was a significant increase this year in the number of organizations without a formal, documented crisis response plan for a data breach or cyberattack. Further, a surprising number of companies still do not have core information security policies. “One in three companies do not have a written information security policy (WISP). More than 40% lack a data encryption policy. One in four do not have acceptable use or record retention/destruction policies. These are critical gaps in data governance and management, and ones that carry considerable legal implications,” the report states. “On the other hand, organizations with all of these key data policies in place have far more robust IT security environments and capabilities.”


Smaller Boards Mean Bigger Results, Study Finds

Small Boards Bigger Stockholder Returns

According to a new study by GMI Ratings, bigger isn’t always better in the boardroom. In research for the Wall Street Journal, analysts found that large companies with the smallest boards produced substantially better shareholder returns.


Based on a study of 400 companies with a market capitalization of at least $10 billion, those with small boards outperformed their peers by 8.5 percentage points, while those with large boards underperformed their peers by 10.85 percentage points. The smallest boards averaged 9.5 members, compared with 14 for the largest; the average across all companies studied was 11.2 directors, GMI said. The results held across 10 different industries, from energy to healthcare.

Smaller boards tend to be “decisive, cohesive, and hands-on,” the WSJ noted, with more freedom to delve deeply into operational issues and debate them substantively. Further, as NYU finance professor David Yermack told the paper, small boards are more likely to dismiss CEOs for poor performance, a threat that declines significantly as boards grow.

Board Size and Shareholder Returns

While the details of causality are up for debate, the correlation is striking.

Apple, which expressed firm plans to limit the board to 10 people, outperformed competitors in the technology sector by 37% between 2011 and 2014.

Helmed by just seven directors, Netflix outperformed its industry peers by 32% during the same period. By contrast, pharmaceutical giant Eli Lilly, which has a board of 14, trailed its peers in the healthcare sector by 16%.

Top Female Risk Managers Offer Insight on Success with the Board and Beyond

DENVER—Four of the top risk managers gathered today to reflect on their career paths and tips for success in the panel “Women of Distinction: Risk Managers of the Year Share Their Wisdom.”

Noted for far more than their gender, Grace Crickette, Lori Gray, Sheila Small, and Laurie Solomon have all received top accolades in the industry and had all previously been named Risk Manager of the Year. While they all reflected on the strengths and skills that women bring to the field, they also acknowledged a number of challenges faced on the road to management positions, some of which should be no surprise to any woman in business. “When I was first made an executive, I had to see a clinical psychologist,” said Grace Crickette, SVP and CRO for AAA Northern California, Nevada and Utah.

“He told me, ‘You have some really great traits to be in business—if you were a man. As a woman, you’re probably going to have a pretty hard time.’”

Their insight stretched far beyond questions of being a woman in the workplace, however. In particular, their advice on how to earn the respect and recognition of the board offered key tips for any risk manager, male or female. “You need to focus more on building your reputation for work with the board,” Crickette said.

“Help educate them. I make a point to send out an article—not written by me—at least once a month that offers something valuable to learn. In doing so, you also demonstrate what you know, understand, and can engage about.”

“Few people understand our companies across the whole organization as well as we do,” said Laurie Solomon, The Coca-Cola Company’s director of risk management. “Our biggest asset is that broad knowledge of the organization, how it works, what the biggest challenges are, and where there is the greatest potential for risk or growth.” That knowledge and comfort in the material at hand breeds confidence. Knowledge, experience, and confidence combine to create credibility, and that credibility is what facilitates access to the board and progress in your program and your career, she said.

Credibility also has a tremendous impact on a risk manager’s success in the public sector. Last year’s Risk Manager of the Year, Lori Gray of Prince William County, emphasized the human component of this. The risk assessment process, she said, offers a prime opportunity to establish credibility and strong working relationships by meeting critical players face to face.

“Risk assessment is your opportunity to meet people in person and ask what keeps them up at night. You are developing critical relationships while getting an honest, first-hand perspective of the exposures that should be on your radar,” Gray said. “Going out and meeting department heads is critical because one of your chief jobs is to sell. You are selling yourself and selling your program.”

Gaining recognition may be one of the greatest challenges for the future of risk managers and risk management as a whole. “Part of the challenge we face as an industry is to get recognition of risk management as a pool for future CEOs and COOs,” said Crickette. “The skills and insight we have would make for fantastic officers, but people just do not think of us for those opportunities. The industry has a lot to do to promote our potential.”