While we all may have breathed a sigh of relief with the explanation that last week’s stoppage of the stock market was a result of a glitch in a computerized system and not a cyber attack by powers foreign or domestic, nevertheless this event should remind all of us, but particularly those at the top of the leadership chain in any business, that they must take responsibility for the cyber risks that their companies are exposed to. In today’s high-tech world, data in general, and in particular its unimpeded flow, is important in some way to every business; in fact it is viability-critical to more of us every day. A CEO or COO has not discharged their responsibility simply by delegating responsibility for these risks to their CIO or Legal Department; rather, the top executives must themselves have a handle not only on what these risks are and what possible prevention entails, but also need to have given serious thought to how to deal with the aftermath of a denial-of-service attack, compromise of data or similar problem. It is bad enough to have to have experienced a cyber attack, but think about then having to deal with a derivative shareholder action alleging that you didn’t do what you reasonably could have done to avoid it?
For example, in today’s cloud-based world, it would be a mistake to overlook threats that could originate from within your company (a disgruntled employee, perhaps?), by mistakenly assuming that the only real threat is from one or more external sources. And thinking of the solution as being deciding on which responsive technology solution to implement is also overly simplistic. There are many factors involved in implementing sound prevention and response plans. As companies grow larger, one part of the solution may be the implementation of a “Chief Information Security Officer” position, but this is only one of many options that the C-suite and Board of Directors must investigate and consider.
Unfortunately these are complicated topics for which space limitations do not allow for sufficient discussion. However, Culhane Meadows stands ready to assist you in asking the right questions and putting you in touch with the right experts for advice. Just give us a call!
Want more information? Author Barry Burt is a partner of Culhane Meadows in Atlanta, Georgia, where he provides advice and counsel on general corporate, commercial transaction and corporate governance matters. He can be reached at BBurt@CulhaneMeadows.com.