The Chief Information Officer has historically ignored the concerns of security because they are primarily invested in ensuring operations continue, even if that means taking on unnecessary risk. That is about to change as companies believe adding cyber security experts to the boardroom will translate to an effective defense strategy (emphasis added):
The privately held Pasadena firm’s latest board member is Suzanne Vautrinot, a retired Air Force major general who helped create the Department of Defense’s U.S. Cyber Command and led the Air Force’s IT and online battle group.
Parsons is at the forefront of a fast-expanding trend in corporate governance: the elevation of cybersecurity experts to the boardroom, a perch traditionally occupied by former CEOs and specialists in marketing and finance.
In recent months, AIG, Blackberry, CMS Energy, General Motors and Wells Fargo have added a board member with computer-security knowledge. Delta Air Lines and Ecolab did the same in recent years.
The reasons are clear. Cyberattacks on large companies skyrocketed 44% last year from 2013. Cybercrime costs businesses more than $400 billion a year, according to Lloyd’s of London.
Boards are responsible for advising chief executives on setting goals and plans to achieve them, and to question the challenges standing in the way. Not adequately addressing a cybersecurity risk could prove costly — in money, reputation, legal bills, lost time and lost customers.
Just ask Target. Since hackers breached its payment systems two years ago, Target has spent $256 million cleaning up the mess, with insurance expected to cover about a third. Though costing a small slice of revenue, the damage was enough to sack the chief executive and scare away many customers for several months. Government investigations and several lawsuits from affected customers and business partners are ongoing.