Growing Cyber Risk Poses Challenges for Corporate Directors

PR Newswire

NEW YORK, March 19, 2018 /PRNewswire-USNewswire/ -- The jump in cyber attacks is challenging how boards approach risk management and their readiness to handle emerging threats, says WomenCorporateDirectors (WCD) and Marsh & McLennan Companies' Global Risk Center new joint report, Cyber Risk Management Response and Recovery.

"With increasing threats of attack on their data and systems, boards are demanding much more information about their organizations' risk and how well they are covered against loss and breaches," says Susan C. Keating, CEO of WCD.

As the annual global economic cost of cyber-crime skyrockets, WCD has teamed up with Marsh & McLennan's Global Risk Center to explore hot-button issues for directors in the area of cybersecurity, including expanding regulatory requirements and boards' heightened responsibility to oversee new risks.

Marsh & McLennan's Global Risk Center interviewed WCD corporate directors to identify how companies are addressing cyber threats and the use of cyber insurance. "As the global regulatory landscape becomes more complex, cyber security is gaining increased board level attention," said Elisabeth Case, U.S. Cyber Advisory Leader, Marsh, a subsidiary of Marsh & McLennan Companies. "Boards are definitely stepping up their oversight."

Despite this, the report found that directors are still challenged by factors that they believe put their companies at greater risk:

Director-level experts are thin on the ground – Most boards have only one director serving as the tech or cyber expert; few directors "grew up digital," and they now have to play catch-up to the sophisticated technology used in attacks.
Lack of benchmarking on security practices – Companies are unclear on how they stack up against their peers, leaving a lot of unanswered questions about best practices, business models, and geographies.
Unknown risks around third-party providers – One third of organizations do not assess cyber risk of their suppliers and vendors, leaving mission-critical data exposed and beyond the company's control.
Inadequate transparency from management – Management often paints a rosier picture than reality, leaving directors in the dark about risks, and rendering them unable to sufficiently support risk mitigation efforts.

To increase board awareness of company risk, the report provides "10 Questions to Ask Management about Your Organization's Cyber Readiness." Some questions include:

Where do we rank in cyber preparedness compared to relevant peers, and how frequently does management perform cyber scenario testing/war games? How do we benchmark our performance?
Which managers across the organization have accountabilities for cyber risks within IT, business lines, and other operational areas?
What are the limits of liability of cyber insurance that we have available, and how can we determine if coverage is sufficient?

The report, the first in a joint series of Global Governance Insights on Emerging Risks, was unveiled at the WCD Americas Institute in Miami on March 7, which convened directors from around the world and explored topics ranging from "Next Gen Crises that Keep Directors Up at Night" to "How to Deal with a Difficult CEO."

"Cyber risk is just one of the areas in which boards have to 'see around corners' to anticipate what is coming next as far as threats and opportunities for their companies," said Keating. "With the increasingly complex nature of the risks ahead, sharing our best practices and hard-won experiences and insights is the best way to improve governance around these incredibly challenging areas."

For more information about the report, Cyber Risk Management Response and Recovery, please contact Suzanne Oaks Brownstein or Trang Mar of Temin and Company at 212.588.8788 or [email protected].

About WomenCorporateDirectors Education and Development Foundation, Inc.
The WomenCorporateDirectors Education and Development Foundation, Inc. (WCD) is the only global membership organization and community of women corporate directors. A 501(c)(3) not-for-profit organization, the WCD Foundation has 80 chapters around the world. The aggregate market capitalization of public companies on whose boards WCD Foundation members serve is over $8 trillion. In addition, WCD Foundation members serve on numerous boards of large private and family-run companies globally. For more information visit www.womencorporatedirectors.org or follow us on Twitter @WomenCorpDirs, #WCDboards. The WCD Global Institute will be held May 8-10, 2018, in New York.

About the March & McLennan Companies' Global Risk Center
Marsh & McLennan Companies' Global Risk Center addresses the most critical challenges facing enterprise and societies around the world. The center draws on the resources of Marsh, Guy Carpenter, Mercer, and Oliver Wyman – and independent research partners worldwide – to provide the best consolidated thinking on these transcendent threats. We bring together leaders from industry, government, non-governmental organizations, and the academic sphere to explore new approaches to problems that require shared solutions across businesses and borders. Our Asia Pacific Risk Center in Singapore studies issues endemic to the region and applies an Asian lens to global risks. Our digital news services, BRINK and BRINK Asia, aggregate timely perspectives on risk and resilience by and for thought leaders worldwide.