Risk and Cyber Security in a Time of Disruption
May 27, 2020
In the May 12 session in the Governance Evolution track of The McMaster Collaboratorium, Michael Castro, Principal and Founder, RiskAware Group, and Lloyd Komori, Professional Board Director, Former CRO and Cyber Risk Authority, discuss business continuity and cybersecurity challenges in evolving times with Dr. Michael Hartmann, Principal of The Directors College.
Pre-pandemic, the board used traditional methodologies to manage and assess risk. Very few businesses were prepared to deal with the new risks arising from the pandemic. Larger companies have the resources to mobilize and re-shift and will likely end up surviving well. Companies that did not have robust risk assessment, or that lack the resources to deal with the many fires burning daily, will not fare as well.
In the future, the boards who have shifted to adapt to the new requirements will continue to evolve with the business. Risk management best practices have changed forever. Cyber attacks have grown over the past 60-90 days as companies struggle to secure their infrastructure with a remote workforce. Email is the number one vector for attacks, so it’s not just about the technology; it’s also about training and awareness.
Cyber risk has exploded and exposed gaps in cyber security risk planning. With IT now being spotlighted, boards may find that they lack the knowledge and capability to understand the complexities of the systems and the risks.
Cybersecurity remains the most under-resourced industry sector. No IT department could adequately prepare for a 100% remote workforce in less than 30 days, even with the right resources. The current environment represents an unparalleled level of risk.
Previous strategies around the digitization of the business, and the timelines for incremental change, are no longer valid. Organizations have been thrust into a situation that should have taken much longer to plan, execute and secure.
The new normal must account for a distributed workforce and new and creative ways to communicate and collaborate with all stakeholders. Organizations need to be courageous to take advantage of the opportunities being presented by the current risk.
The pace of change and exposure is accelerating. Using technologies can make it possible for board and committee members to become engaged quickly. Being a board director will mean more time spent – not 4 in-person meetings a year, but regular updates, conversations and strategy sessions.
Don’t underestimate the role of IT and cyber security. The old playbooks will not work going forward. Board members need to start accelerating their understanding of cybersecurity and where it fits in overall risk assessment and planning. Everything in the post-pandemic economy will be about IT.
Boards must practice ruthless prioritization to make sure the risks that are lethal to the organization are being addressed first. Change is occurring faster – it’s not about what’s perfect, it’s about what is possible.