This in-depth article explains why smaller companies are at as much risk of cyber-attack as large, well-established ones: the value of the disruptive technologies they are developing, the fact that they are networked to larger firms through supply chain software, that they use cloud technologies to lower costs and that employees use their own devices at work. Boards of directors of these companies cannot just accept the risks and should look for the company to adopt a balanced approach toward security, which is part prevention, part detection and part response.
Time for the board to take notice and play its role in cyber oversight
Board cyber-mitigation plans will include cyber-insurance in 2016
Cyber insurance will become the norm for organisations in 2016, and it will force organisations to have better cybersecurity practices to ensure risks are at an acceptable level. Security requirements from insurers will be very significant and will drive improvements in cyber risk management, which is good news for most boards as it will increase maturity and drive the organisation toward cyber-resiliency.
Board of directors will have to increase their monitoring of cyber-security in 2016
Boards of directors will have to increase their monitoring of cyber-security in 2016 and include cloud protection in their questioning. This article warns that companies will have to implement the same kind of security controls in their cloud environments that they have for enterprise IT. It also projects that the increasingly complex nature of cybersecurity defense will lead many organizations to look for security-as-a-service from their cloud and bandwidth suppliers.
http://www.inforisktoday.in/interviews/2016-year-hackers-exploit-cloud-i-3023
Networking is a requirement for corporate directors
I strongly believe that networking is a duty for all directors and is part of the steps required to stay on top of governance oversight. In that spirit, I will be presenting at a round table event by Women Get on Board in Toronto on February 18th on the topic of how to promote yourself online. Do not hesitate to come and meet me or reach out to me.
Technology predictions are important for Corporate Directors
Last week I attended the Deloitte Technology-Media-Telecommunication predictions breakfast, and once again it was an outstanding opportunity to reflect on upcoming trends that will affect consumers, businesses and business models. I want to congratulate Duncan Stewart for his leadership and his dynamism through this presentation. I advise Corporate Directors to attend these types of events, which help them stay current in technologies and look ahead of the curve to support their strategic planning duties. Or read the report. To be noted in these predictions:
The PC still has its place in the life of the new generation and is here to stay
Mobile gaming is not so lucrative
TV viewing erosion is slower than expected
Gigabit internet will surge
More and more people do not have a regular phone and 26% of smartphone users do not make regular calls with their phones
Artificial Intelligence is used efficiently in enterprise software
Women are needed to meet the needs of IT jobs, yet fewer than 25% of IT-related jobs are occupied by a woman
http://www2.deloitte.com/ca/en/pages/technology-media-and-telecommunications/articles/tmt-predictions-2015.html
I attended last week #TMTPredictions. Corporate Directors should attend or read to stay current in technology trends in support of strategic planning #corpgov #risks http://www2.deloitte.com/ca/en/pages/technology-media-and-telecommunications/articles/tmt-predictions-2015.html
The next focus for boards on cyber security: cyber mitigation.
As boards become more mature in understanding cyber risk, they will be compelled to get more involved in cyber-mitigation to ensure comprehensive mitigation plans are in place. This post explores two emerging key mitigation measures: cyber resiliency and cyber liability insurance coverage. Do you have a clear understanding of your cyber mitigation plan?
https://www.linkedin.com/pulse/next-focus-boards-cyber-security-mitigation-josee-morin?published=t
Cyber Threats require a new governance model
A very interesting opinion by the NACD arguing that cyber threats are as complex, require as much expertise and attention, and have as large an impact as financial risks. Because of this, just as financial risks require an audit committee, cyber risks warrant the creation of a separate committee of the board, of which the CISO is a member, and that can receive support from outside advisors to ensure the board adequately meets its oversight responsibilities. What do you think?
http://boardleadership.nacdonline.org/rs/815-YTL-682/images/The%20Director%27s%20Chair.pdf?mkt_tok=3RkMMJWWfF9wsRonsqnPZKXonjHpfsX57%2BsvWKG%2BlMI%2F0ER3fOvrPUfGjI4DScFlI%2BSLDwEYGJlv6SgFQrHAMbl01rgLUxM%3D
Seven steps to enhance cybersecurity for insurance companies that can be used by all corporate directors
This article, centered on the insurance industry, describes 7 steps to be followed to improve cybersecurity programs: enhance management oversight of cybersecurity, identify critical business processes and assets, provide oversight for third-party relationships, improve incident response processes, integrate and align enterprise risk management (“ERM”), evaluate the second line of defense (i.e., compliance department), and establish a cybersecurity training and awareness program. These guidelines apply to all types of companies and can be used by directors to make certain they ask questions on all key activities related to cybersecurity.
http://corpgov.law.harvard.edu/2015/09/26/cybersecurity-enter-insurance-regulators/
I am this week's laureate of LeSoleil-Radio-Canada
I am honored that my career as a diverse corporate director was recognised this morning in the news. I was nominated as LeSoleil-Radio-Canada laureate of the week for being part of Diversity-50 2015.
How does your board compare to these survey results?
Interesting to compare how your board is doing on the different topics surveyed in this report: strategic discussion, risk oversight, capital allocation strategies, social media policies, big data, cyber-security.
Boards must pro-actively support the development of a cyber-breach response plan
The preparation of a cyber-breach response plan is a key component of the risk mitigation plan. It should include constituting a multi-disciplinary response team, gathering all documents related to incident response, reviewing legislation and finally building the plan that includes post breach communication.
The cyber-breach response plan must be carefully planned, action-oriented and it should clearly define the roles and responsibilities in executing the plan. To be efficient it has to be regularly re-visited, with changing company strategies and assets to protect.
Is the board getting the real measure of cybersecurity risks?
After reading these troubling survey results on risk and compliance demonstrating how confidential data is protected enough, it is difficult to believe that a first-ever cybersecurity report by AT&T (http://www.business.att.com/content/src/csi/decodingtheadversary.pdf) found 75% of companies don’t involve their full boards in cybersecurity oversight, saying it is an IT issue and not a core business concern. Do you, as a corporate director, feel cybersecurity is not a core business concern?
http://blogs.wsj.com/riskandcompliance/2015/10/02/survey-roundup-a-critical-look-at-board-debate/?mod=djemRiskCompliance
Josée Morin is a 2015 Diversity 50 nominee
I had the pleasure of being selected by the Canadian Board Diversity Council as a 2015 Diversity 50 nominee. The CBDC identifies qualified, diverse candidates for corporate board of director appointments and creates the definitive resource of diverse, board-ready corporate leaders. This prestigious appointment confirms my corporate leadership and helps expand my network across Canada. I will be in Toronto on October 15th for the Diversity 50 launch event; contact me if you would like to meet me there. I encourage all corporate directors that represent diversity to apply to the 2016 call for nomination that will open in the spring of 2016. https://www.boarddiversity.ca/diversity-50
Changes in the CIO role are impacting board dynamics
The role of the CIO is changing, as IT becomes engrained in the business value proposition. The dynamics of the board will also change as more significant strategic discussions will involve not only the CEO and the CFO, but the CIO as well. Board members will have to become better versed in IT-related discussions and the board will have to be more diverse and include people with stronger digital backgrounds.