Corporate Boards Learn How to Address Cyber Risks
The biggest risk modern corporations face is from cyber attacks.
In the last twenty years, the nature of corporate asset value has changed from physical to electronic assets. Eighty percent of the total value of the Fortune 500 now consists of such intangibles.
Cyber threats are increasingly putting critical public infrastructure at risk, while endangering corporations' intellectual property, trading algorithms and personal data. These direct losses lead to reduced public confidence, harm to reputation, and legal and regulatory sanctions, which in turn adversely affect price-earnings ratios and share value.
Accordingly, board members are more attuned to corporate cyber security than ever before. A recent study found that data security was now number one on the list of worries faced by corporate boards.
Unfortunately, sophisticated corporate security is increasingly challenging because sophisticated attackers are now using techniques that outstrip many traditional defenses. Cyber attack methods practiced only by nation states a couple of years ago are now being used by common criminals. Moreover, many economically efficient business practices and technologies needed to drive growth and innovation also tend to undermine cyber security.
To address this complicated problem, leading corporate boards are rethinking their entire approach to cyber defense. Sophisticated boards are moving their companies away from the traditional perimeter-based and technology-centered approach to an enterprise-wide risk management system that fully integrates cyber security into core business processes. Understanding the growing liability implications of cyber risk, boards are increasing the time devoted to cyber issues at board meetings and enhancing their access to cyber security expertise.
Moreover, boards are increasing the expectations they place on senior management to implement a comprehensive cyber risk management framework, such as the one recently developed by NIST. In addition, since absolute security is impossible, boards must decide which cyber risks to avoid, accept and mitigate and which to transfer through insurance. By better integrating business and security issues into overall corporate strategy, boards can begin to develop a sustainably secure system in the face of ever-increasing cyber risks.