SandRun Risk

The Corporate Board of Directors and Its Role with Cybersecurity Risks

5/28/2020

Boards have broad duties that they owe to their company, including corporate governance and overseeing risk management.

Boards are responsible for ensuring that the company has established risk management programs appropriate for the material risks facing the company and for overseeing how company management implements those programs. Boards have recognized their responsibility for overseeing the management of credit risk, liquidity risk, and operational risk. Addressing cybersecurity risks should be included as one of those responsibilities. Boards that ignore, or minimize, the importance of cybersecurity risks are not doing their job. As many IT professionals advise, it’s not a matter of “if” a company will face a cybersecurity breach, but “when.”

There has been a 20.5% increase in data breaches this year compared to last year, according to a recent report from the Identity Theft Resource Center. The business sector, with 33.5% of the breaches, represents approximately 60% of the compromised records. In light of the recent data breaches reported by eBay, Target, Adobe and Wyndham, among others, corporate boards are making cyber threats a board-level issue. Boards should evaluate their company’s cyber risks and ask:
  1. What kind of data and confidential information does the company collect, store and handle?
  2. What role does IT play in the company? What is the current state of the company’s IT (hardware and software) infrastructure, budgeted IT spend, and existing and planned changes?
  3. Who on the board currently has primary responsibility for the oversight of IT risks?
  4. What is the company’s perceived level of security risk and comprehensive security strategy? What controls are in place to mitigate the risk? How does management test its resistance to attacks? What are the company’s IT security resources? Is the cybersecurity spend level appropriate?
  5. How does the company protect sensitive data from the risk of theft? What are the company’s internal and external data privacy policies? What privacy policies are in place for data exchanges with third parties?
  6. Has the company undertaken a cybersecurity assessment? When? What were the results?
  7. Is the company providing training to its employees about cybersecurity?
  8. Does the company have a cyber-incident response plan? What are the technical protocols? Does the company have a cybersecurity back-up plan?
  9. Who within the company is responsible for the company’s cybersecurity? Does this person work with any outside cyber experts on the company’s behalf?
  10. Does the company purchase insurance to transfer the cyber risks? Is there adequate insurance? Does the insurance provide the type of coverage the company needs?
  11. Is the company following the Framework for Improving Critical Infrastructure Cybersecurity, released by the National Institute of Standards and Technology (“NIST”) in February 2014? How well do the company’s cybersecurity policies match up to the Framework’s guidelines?
By going through this exercise, Boards of Directors can evaluate and understand their company’s cyber liability exposure and work towards ensuring that their company is properly protected.


Enterprise Risk Management: A Primer for Business Leaders – Part IX (The Role of Senior Leadership in ERM)

5/11/2020

Released in 2009 as the first global standard for ERM, ISO 31000 was revised in 2018. In this section, we focus on the reasons for the revision, including the most important one: an appeal to senior leadership to increase their involvement and commitment to ensure that ERM becomes integrated into all organizational activities, including day-to-day decision-making and everyday behavior.


COVID-19 Losses – What Insurance Policies May Provide Coverage

5/4/2020

What types of commercial insurance apply to COVID-19 losses? This article explains what types of policies should be collected and reviewed for potential coverage.


Authors

Lori Siwik and Mark Siwik are the founders of SandRun Risk. They apply the principles of vertical leadership and lean six sigma to the discipline of risk management. From time to time they share their blog with guest authors who write about important risk management principles.

Copyright ©2014 | 4199 Kinross Lakes Parkway, Ste. 275 Richfield, Ohio 44286 | 216-609-3940 | [email protected]