Two Key Areas of Governance Risk Examined in New Research

Estimated reading time: 4 minutes

The Conference Board today launched two major reports on topics poised in the years ahead to become—where they are not already—defining governance challenges for companies around the globe. The first report surveys prevailing threats, exemplary and cautionary case studies, and emerging best practices in managing cyber risk. The second investigates the dangers of short-term thinking for individual firms and the economy as a whole.

From Ridiculous to Ruinous, Escalating Cyber Risks Demand Proactive Governance

The past year has seen new breaches of cybersecurity revealed in the media on a seeming daily basis, with implications ranging from the embarrassingly personal (35 million adultery-website users “outed” by hackers) to the ominously political (state-sponsored theft of an entire Fortune 100 executive team’s data, including Social Security numbers and health records.) Indeed, the sheer volume, variety, and audacity of high-profile cyber-attacks should disabuse leaders of the notion that any organization—commercial, governmental, or otherwise—is immune from the threat.

Emerging Practices in Cyber Risk Governance helps boards, C-suites, and frontline top managers develop the vigilance and resilience to thrive even as technology evolves and vulnerabilities proliferate faster than ever before. Drawing on publicly available data and the first-hand experience of leading corporations, think tanks, associations, and experts, the report provides a framework for guarding against the full gamut of internal and external cyber risks. To this end, it analyzes the lessons and impact of five high-profile security breaches, involving Target, JP Morgan Chase, Anthem, Sony, and the U.S. Office of Personnel Management. Alongside these cautionary examples are five case studies of Fortune 250 companies that have mitigated major cyber risks through a more proactive governance approach.

“In an age of hypertransparency and superconnectivity, cyber risk is not a standalone issue but one that interacts with other challenges at every level of a firm’s business plan and strategy,” said Andrea Bonime-Blanc, author of the report and CEO and founder of GEC Risk Advisory LLC. “These include everything from the risks third parties pose to supply chains and intellectual property, to human capital risks around employee/insider access to secure assets, to geopolitical and physical security risks associated with state-sponsored industrial espionage. Reputational fallout, moreover amplifies the risk—and potential damage—at every level. Boards and management alike must make cyber risk a central element of planning before an incident occurs.”

Taking off from the latest trends, threats, and best practices, Emerging Practices in Cyber Risk Governance lays out ten keys for addressing the challenge:

    1. Developing a triangular governance approach to cyber risk management that joins the board, CEO/C-suite, and frontline talent

    2. Understanding the reputation damage to strategic cyber risk management gone wrong

    3. Knowing the organization’s cyber risk actors and stakeholders

    4. Having a deep understanding and focus on organizational “crown jewels”

    5. Engaging in a relevant cyber risk public–private partnership

    6. Developing a cross-disciplinary approach to cyber risk management

    7. Developing a cross-segmental/divisional approach to cyber risk management

    8. Making cyber risk governance an essential part of organizational resilience

    9. Choosing one of three proven cyber risk governance models: Vigilant, Integrated, or Command & Control

    10. Transforming effective cyber risk governance into an opportunity for better business

Page 1 of 2

• Next Page >