The escalating threat from cybercrime is set to force companies into upping the skills of their boardroom executives in 2016, a global security and risk management consulting firm has predicted.
“There is a lack of specialist cyber skills in boardrooms worldwide, including Britain’s, which is likely to become increasingly clear as 2016 progresses,” said Ed Stroz, executive chairman of Stroz Friedberg, which specialises in cyber security, investigations, and intelligence.
“Companies are under growing pressure from investors, customers and regulators seeking reassurance that cyber risks are being actively managed and that they have the capability to deal with the aftermath of an incident.”
Stroz believes cyber trends – from hacktivist and insider threats to implications of potential cyber legislation in 2016 – will push corporate boards into reviewing their options to ensure they are better informed and comfortable making risk management decisions.
“Leading companies in high risk industries like financial services will appoint specialist, non-executive cyber directors. To further address the significance of such risks and get ahead of a potential corporate governance failure, organisations may also form dedicated cyber risk committees in the coming year,” he said. “Modelled on existing audit committees, the cyber equivalent will create a board-level focal point for cyber risk, with the support of independent advisers to help strengthen a business’ cyber resilience.”
According to Stroz, while cybercrime knows no boundaries, certain industry sectors are at greater risk.
“Financial services, particularly banks, are highly attractive targets. UK regulatory bodies are already taking steps to move cyber resilience up the agenda, with Operation Resilient Shield the latest example of cooperation between the Bank of England and other UK and US financial authorities, to stress-test key institutions’ responses to a simulated attack. As a greater understanding of the industry’s preparedness emerges, we will likely see regulators push the concept of ‘cyber competent’ persons as a requirement for boards,” he said.