Cybersecurity: What Every Board Member Should Be Aware Of
Troels Oerting Jorgensen, Head of the Centre for Cybersecurity, World Economic Forum, has been working with government and corporations to advise on how they react to increasing international cyber threats. Speaking recently at the SGX Centre in Singapore, he shared three critical things Board members need to know about cybersecurity.
Cybersecurity risks are no longer problems that only technology and digitally-focused companies should be concerned about. We hear about data breaches at giant tech companies, reputable financial institutions, and popular consumer software almost on a daily basis. State-sponsored attacks which are politically motivated are also on the rise. We keep hearing that each breach is worse and larger in scale than the one before. When every single phone or computer is a door to be attacked, security threats can affect us in ways that we are not even aware of.
Cybersecurity risks are on the rise but preventing them is not an easy task
Asia is particularly at high risk with very high rates of mobile phones per 100 people (Singapore: 148/100; Vietnam 126/100; Indonesia 174/100) [i]. Singapore is preparing herself to become a SMART nation, where all the devices and automated machines will be connected in extensive networks of networks[ii]. An enormous amount of data needs to be collected, stored, analysed and processed. It also means that the whole network is more vulnerable to cyber attacks.
Unlike any other crimes, the scale of cybercrimes is unprecedented. A cyber-attack can affect millions of people at the same time, and the magnitude of the damage can be massive. However, preventing cybercrimes is never an easy task.
Three major issues that hinder effective cybercrime prevention include lack of trust, lack of cooperation (either between competitors in the same industry or among countries), and lack of skills to deal with the risks.
Law enforcement at national and global levels are struggling to keep up with the new technology, let alone knowing how to counter-attack cybercrimes.
Trust is critical for companies to stand out
In his speech, Jorgensen emphasises that in the current market, “trust is the most critical factor” to differentiate between companies who are doing well and those who are not. From his experience visiting more than 100 countries in the world and meeting with leaders from global and local companies, he realises that there is no trust in the global network.
Unfortunately, the speed of digitalisation does not go hand in hand with the level of trust. The 2018 Edelman Trust Barometer reveals that 20 out of the 28 countries surveyed have distrust in institutions, and only 4 of them have trust in institutions[iii]. If board members are not aware of cybersecurity risks, companies may have to face crises that they are not prepared for.
What board members should keep in mind about cybersecurity
Not all board members are experts in cybersecurity, but they are experts in risk predictions and risk management. Board members should be able to assess the risks and prepare their companies to cope with them. There are three areas in cybersecurity that Jorgensen advises all board members should have in mind:
1. Security: cybercrimes are very organised, sophisticated, and any companies could be at risk. Sometimes the reason that a company falls into crisis is simply that of a disgruntled employee.
2. Privacy: everything we do on the internet is stored and sold as commodities. Any activities that companies do online is vulnerable to data breaching.
3. Integrity: cybercrimes nowadays are so sophisticated, and it is especially challenging to determine whether the information is authentic or not.
Having a strong and transparent code of ethics on how a company deals with its customers’ data is an equally critical aspect for board members to keep in mind. Jorgensen identifies a few big topics that board members should be mindful about in technology, including mobile technology, the Internet of Things, cloud computing, and AI.
The reality is, the amount of information given and exchanged is increasing at lightning speed; there is no way for companies to stand outside this flow. Board members should fully be aware of the risks and prepare themselves for the future.
Some of the content in this article is based on Troels Oerting Jorgensen’s public speech at “Hot Topics for Global Boards” at the SGX Centre on 11 January 2019.