A recent global survey conducted by the Economist Intelligence Unit of 453 board members, including 50 in Canada and 100 in the United States, found that one-third of the organizations had experienced a “serious” cyber incident in the past year. In his article in Canadian HR Reporter, John Dujay examines this and other key takeaways of the survey, including the finding that boards of directors have an important role to play in fostering cyber resilience in an organization. As the article explains, most companies have a cybersecurity plan, but few focus on cyber resilience – the ability to maintain a level of normalcy and continue operating after a cyber incident. Patricia Kosseim, Counsel in Osler’s Privacy and Data Management Group and Co-Leader of the firm’s AccessPrivacy platform, comments extensively on how boards can get involved in developing an organization’s cyber resilience strategy.
“A question for the board that is important to ask is ‘What level of resources does the organization dedicate to technical security, the physical hardware and software?’ But also,” Patricia says, “it’s important for the board to make sure that it asks questions about whether or not management feels it has the necessary technical skills or capacity to deal with the evolving cybersecurity landscape.”
Patricia also says that it’s critical for companies to improve cyber resilience by spreading out responsibility.
“A typical and flawed assumption is that it rests entirely on the shoulders of the chief information security officer (CISO),” she explains. “But, in fact, a healthy governance structure will promote a shared responsibility between the CISO … and the chief privacy officer. And in some organizations that have really put some thought into this, both those senior positions may co-chair a cross-functional team that draws on communication, on finance, on audit, and particularly on HR.”
Learn more about cyber resilience by reading John Dujay’s full article, “Boards of directors play important role maintaining cyber resilience” [PDF] from the Summer 2018 edition of Canadian HR Reporter.