CYBER RISKS & LIABILITIES
What You Need To Know
When a data breach
or other cyber event
occurs, the damages
can be significant, often
resulting in lawsuits,
fines and serious financial losses. In
order for organizations to truly protect
themselves from cyber risks, corporate
boards must play an active role. Not only
does involvement from leadership improve
cyber security, it can also reduce liability
for board members.
To help oversee their organization’s cyber
risk management, boards should ask the
following questions:
1. DOES THE ORGANIZATION UTILIZE
TECHNOLOGY TO PREVENT DATA
BREACHES?
Boards should ensure that the
management team reviews company
technology at least annually, ensuring
that cyber security tools are current and
effective.
2. DOES THE ORGANIZATION HAVE A
COMPREHENSIVE CYBER SECURITY
PROGRAM THAT INCLUDES SPECIFIC
POLICIES AND PROCEDURES?
Boards should ensure that cyber security
programs align with industry standards
and are audited on a regular basis
to ensure effectiveness and internal
compliance.
3. HAS THE MANAGEMENT TEAM
PROVIDED ADEQUATE EMPLOYEE
TRAINING TO ENSURE SENSITIVE DATA
IS HANDLED CORRECTLY?
Boards can help oversee the development
of training programs that foster
cyber awareness.
4. HAS MANAGEMENT TAKEN
APPROPRIATE STEPS TO REDUCE
CYBER RISKS WHEN WORKING WITH
THIRD PARTIES?
Boards should work with the company’s
management team to create a third-party
agreement that identifies how the vendor
will protect sensitive data, whether the
vendor will subcontract services and
how it will inform the organization of
compromised data.
5. HAS THE ORGANIZATION
CONDUCTED A THOROUGH RISK
ASSESSMENT AND CONSIDERED
PURCHASING CYBER LIABILITY
INSURANCE?
Boards, alongside the company’s
management team, should conduct
a cyber risk assessment and identify