Every CEO & Director should understand this!

If you’re in business today, you are in the information business.  That immediately begs the question of what priority you’re placing on governing your information?

A 2012 report from IBM estimated that 2.5 quintillion of data were created every day, and that 90% of data had been created in the previous two years.  Since then, data continued to grow at an explosive rate, creating new opportunities and challenges for every company.

The digital economy presents the perfect ecosystem for information to be the power it always promised to be.  Companies with the competence and capacity to manage, mine and monetize data can leverage their information assets, transforming them into lucrative profits.  At the same time, the dilemma of managing the sheer volume of data and protecting its confidentiality, integrity and availability, is proving to be overwhelming for the average company.

The growth in cybercrime

With the growth of the information economy there has also been the corresponding growth in the cybercrime economy.  In a 2018 post in Venture Beat Mike Mcguire estimated the size of the cybercrime economy as $1.5 trillion annually, and growing.  Crikey!  Did you know that there’s even something called Cybercrime As A Service (CAAS)!

Anything and anyone connected to the internet becomes a source of vulnerability for companies. Computers, mobile phones, cameras, websites, online portals, smart devices, internet of things …integrating any or all of these into your business operations represents a business exposure that can result in a data breach.  

Information IS a strategic business asset.  It’s precious and needs to be protected.  And without the capability to predict, prevent, protect and respond to the imminent data intrusion from cybercriminals, your business is like a sitting duck.  Your hard-earned profits are at risk and danger of depletion due to ransomware, data loss, business disruption, loss of clients, inter-alia.  Consider this in the context of Zerto’s 2018 State of IT Resilience Report which found that 90% of companies acknowledged that they aren’t cyber resilient.

So what’s to be done?

These truths raise a clarion call for information governance to sit right alongside functions like accounting, finance, risk management and operations.

The Information Governance Imperative

Information Governance is defined by the Information Governance Initiative as: “the activities and technologies that organizations employ to maximize the value of their information while minimizing  associated risks and costs”.  It is a fundamental component of good corporate governance that covers the disciplines of cybersecurity, risk and compliance, information management, records management, information security (infosec), data governance, privacy and eDiscovery, inter-alia.  

Companies are facing new pressures daily to stay ahead of more inventive and aggressive cyber attacks that are exploiting their poor information management hygiene.  The frightening thing is that the cybercrime industry is attracting those in search of cheap thrills who easily learn and/or purchase the skills on numerous online forums.  And it doesn’t hurt that they earn lucrative returns with minimal risks of being caught.

It’s time for ceo’s and directors to start taking a position on this invidious threat to your business and the privacy of your constituents.

Wherever you see yourself along the learning curve, you can’t stay there.  It’s time to Act Preemptively™ to secure your business and protect the privacy of your employees, customers and investors.

Our Open Letter to CEOs and Directors posted on Data Privacy Day should have gotten you off the mark in thinking through this change imperative.  This current message now treats with getting a read on the state of affairs in your business.

Protect their information!   Protect their future!

It’s never going to be too soon to tackle any threat to your financial health.  When you start the conversation, you will get a sense of how far apart you are from what is most desirable. 

Some immediate things you will want to consider regarding these threats to your customers, employees and investors are:

1. Does the security competency exist amongst your fellow directors to lead the charge?
2. How can you initiate the conversation in the boardroom? You can start by asking to be updated on the cybersecurity strategy.  Is there one?  Who is in charge of it?  Does it cover your key vulnerabilities and expressly state how the risks are being managed? Are the risks included on the risk register?  What kind of reporting/metrics can they provide that tracks the effectiveness of their infosec and privacy management practices?
3. Seek to ascertain the competence of the people charged to keep your data secure. Are they equipped for the task?  Are they skilled to treat with your cybersecurity issues?  Have they been striving to be heard but are ignored because they report at lower levels in the organization?

Are you ready for this?  The data you protect may be your own.