ENHANCING BOARD OVERSIGHT OF CYBER RISK: PROTECTING THE INTANGIBLE
Now, more than ever, organisations are at risk of cyber attack. Given the frequency and sophistication of such attacks – the US government considers cyber security to be “one of the most serious economic and national security challenges” – and the massive impact they can have on businesses, the issue of cyber security planning and protection is no longer considered the sole preserve of the IT department but is now increasingly a staple of boardroom agendas.
The intention of a cyber attack is, in the main, to destabilise. The modus operandi of cyber criminals – be they crime syndicates, hacktivists, disgruntled employees or state-sponsored hackers – involves stolen financial data, threats to release sensitive information, identity theft, denying access to a company’s website, or the installation of incapacitating computer viruses. For companies, the impact of such attacks is immediate and severe. The fallout may involve reputational damage, negative press coverage, a decline in sales and stock, potential lawsuits from customers and partners, and costly (and likely lengthy) legal investigations.
In recent months, a number of cases of cyber crime have hit the headlines, many involving major global companies. In February, Amy Pascal was compelled to step down as co-chair of Sony Pictures following a debilitating cyber attack (attributed to a group calling itself the Guardians of Peace (GOP) which stole huge amounts of internal information, including emails and copies of films) that revealed to the world a number of her private emails – one in which she speculated as to President Barack Obama’s taste in movies caused particular embarrassment. Authorities believe that GOP’s attack on Sony was motivated by the decision to release ‘The Interview’ – a film portraying an attempt to assassinate North Korean Leader, Kim Jong-Un.
Also in February, insurance giant Anthem Inc. announced that it had been the victim of a cyber attack and that it had had 80 million social security records, as well as other sensitive information, stolen. US federal investigators have previously warned that Chinese hackers are increasingly targeting US commercial and government networks.
Apr-Jun 2015 Issue