From CFO.com – Neither a company’s size, its location, nor its industry is a deterrent to cyber crime, which costs organizations an average of $5.5 million per data breach and can have an impact on the privacy of customers, employees, and business partners, experts say.
In the past, cyber-risk management was mostly about protecting intellectual property and trade secrets from competitors, says Mark Melodia, chair of the data security, privacy, and management practice at law firm Reed Smith. Now, because of changes in technology, it is easier for competitors, nation states, and the Mafia to infiltrate.
And there are regulators that companies must deal with on the state, federal, and global levels. “There is virtually no consistency across international borders,” Melodia says. Even within this country, 46 states have regulations governing privacy and other aspects of cyber risk. Currently there are four bills in Congress aimed at bringing uniformity to the states.Melodia stresses that every business is affected by cyber-risk issues. “Even the corner bodega takes credit cards,” he says. It will have a computer, or important information may reside on the proprietor’s mobile device. He notes that businesses of all sizes are struggling to keep up with current best practices.
In spite of all the risks, “everybody pays attention only after the fact,” notes Melodia, whose job is to come in and clean up messes. Chief information security officers and CFOs “ought to go to lunch together, and invite the risk manager to come along and sit between them.”
CFOs need to make it clear that they are proactively dealing with cyber risk. Melodia cautions that shareholder suits against companies are on the rise, with both executives and board members blamed for failing to pay attention to potential risks or exercise reasonable care.
Read the full article here