The Role of Boards in an Era of Cyber Crime

By Thomas  Kelly

2018 has already seen an unprecedented number of data breaches. These breaches have cost companies like Facebook, Aetna, Orbitz, FedEx, Under Armour, Saks Fifth Avenue and SunTrust millions of dollars. As a result, consumers are becoming more cognizant of how to take charge of their own identity protection, and they are turning to services like MyIDCare for monitoring, identity theft coverage and identity  restoration.

But they are also demanding better protection of their data from the companies who have been given access to it, and corporate leadership — especially boards — are being held more accountable than ever for permitting poor digital security  practices.

Data breaches exposed over 2 billion records to identity theft in 2017. Whether it’s card skimming, email phishing, password theft or a host of other areas of risk, cyber security has become a hot-button topic – no matter your industry or sector. Repercussions for cyber security negligence are not only financial; in today’s increasingly connected world of social media, a company’s entire reputation could be put at  stake.

Public boards have long been tasked with the job of risk assessment, and guiding companies in managing those risks. One of the greatest emerging risks today is cyber crime, and protecting the identity property of customers — whether in retail, healthcare or financial services — is paramount. Following the massive security breaches of the past year, companies are being called to be more detailed in how they review their cyber security protections. And boards need to be increasingly aware that they should be playing a large part in safeguarding the data their enterprises are entrusted  with.

First, board members need to identify their company’s digital assets. What kind of assets could potentially be accessed, and what safeguards does the company already have in place to protect those assets? Are the digital security policies in place being properly followed? In the past, boards may have left execution of cyber security practices to management. But given growing risks and media attention, it would be wise for board members to have more hands-on  involvement.

Sometimes, the answer is as simple as protecting information like social security numbers, medical records and credit card numbers. But when digital assets include more complex data like business plans, algorithms, or intellectual property, the waters become  murkier.

Board members don’t have to have all the answers. But they should be asking the right questions of their CEOs and executive teams. If security is lacking, they should be introducing the idea of hiring a consultant or forensics team who can review cyber security practices and educate a company in how to implement proper safeguards. Another option is to create a subcommittee for security oversight. Restructuring corporate leadership is a serious, but sometimes necessary,  step.

Board members should also familiarize themselves with the General Data Protection Regulation (GDPR) that took effect this May in the EU. The GDPR sets standards that companies have to meet in protecting their customers’ data. Right now, if your company processes any personal data of individuals residing in the EU, it must comply with the regulations. What’s more, it is only a matter of time before the U.S. adopts the same — or stricter — regulations. Fines for not properly complying with GDPR are high, and could cost a company millions of dollars. Shareholders are increasingly expecting boards to provide leadership in ensuring a company is complying with any necessary  regulations.

The 2018 Edelman Trust Report revealed that the public currently has more faith in businesses’ and NGOs’ ability to effect change than the government’s. This indicates that despite the data breaches of the past several years, consumers are still willing to trust the companies and organizations that have access to their data. In return, boards, as leadership, should be demonstrating a commitment to safeguarding that data through diligent cyber security  practices.

Thomas F. Kelly is president and CEO of ID Experts, a Portland, Oregon-based provider data breach and identity protection services, such as MyIDCare. Price of Business listeners and readers will receive a 10 percent discount for their MyIDCarepurchase by visiting:

All opinions expressed on USDR are those of the author and not necessarily those of US Daily Review.