BOARD LEVEL CYBER SECURITY AND IT RISKS

In recent years we have seen an unprecedented increase in the number of data breaches across the globe. Whether from lost or stolen devices, improper disposal of information, external hackers or a simple mistake, data breaches are becoming one of the most common and costly security failures amongst organisations, according to IBM Data Breach Statistics. Given that this trend shows no sign of abating, industry experts are turning to company directors and questioning whether they are taking IT security seriously enough.

IT security is a fundamental component of information privacy and an item that should be high on the agenda for boards. Carnegie Mellon University’s ‘Governance of Enterprise Security – CyLab 2012 report’, which surveyed directors and senior executives, found that although 91 percent of respondents indicated that risk management was being actively addressed by their board, the areas receiving the least attention were IT operations (29 percent), computer and information security (33 percent), and vendor management (13 percent).

As cyber risk rapidly increases, so too does the frequency of IT security failure stories in the media. One of the most recent Australian incidents involved a teenager using a relatively simple hacking technique to breach the security of Public Transport Victoria and obtain personal consumer information including names, addresses, telephone numbers, dates of birth and extracts of credit card numbers. Whilst the motivation of the perpetrator in this instance was to warn the organisation of its site’s vulnerabilities in order to improve online security (The Border Mail – 8 January 2014), the case serves to illustrate that attacks can come from a variety of sources.

Apr-Jun 2014 Issue

AIG Australia