If You Serve on a Board, These are the Questions You Should Ask About Cybersecurity

July 11, 2022 | July 12th, 2022 | Insurance

Board members of both public and private companies have a fiduciary responsibility to establish and oversee business policies that drive a company’s financial growth and performance, including how their organization manages cybersecurity threats. Not only can a company be put at risk by cybersecurity breaches, but a director can also be held personally liable in some instances. Therefore, boards must understand the impact a cybersecurity incident can have on the organization and take steps to limit its exposure.

To minimize the opportunity for a cybersecurity breach and limit liability, boards should consider asking their IT professionals the following questions:

  • What data do we have? Boards should understand the types of data the company collects, its value to the company and potentially to others, who owns it and who in the organization is strategizing how it should be protected.
  • What is our cybersecurity strategy? It’s critical to understand what measures are being taken to protect data, brand reputation and shareholder value. Boards should understand how often internal cybersecurity controls are reviewed and if they’ve been tested.
  • What are our detection capabilities? Many breaches are not detected immediately after they occur. In some cases, it can be weeks, months or even years before the incident is detected. It is the responsibility of the board to understand what steps the organization is taking to quickly detect a cybersecurity incident and minimize damage.
  • Do we have an incident response plan? Companies should have plans in place for various types of threats. Once an incident occurs, it will be too late to develop a mitigation plan. The steps organizations take in response to an incident are critical to reducing the impact.
  • Is cybersecurity investment adequate? Companies should evaluate their protection and risk tolerance levels to allocate a cybersecurity budget.
  • Do we have cyber insurance? Cyber insurance can protect companies against liabilities related to a data breach and other cyber-related incidents.

While boards don’t manage day-to-day cybersecurity operations, they have company oversight and fiduciary responsibilities. Asking the right questions can minimize cybersecurity risks and prevent a breach from becoming a disaster.

Choosing the right insurance agent is one of the most important decisions you will make. The Turner Agency, Inc. is a local Trusted Choice® independent insurance agency headquartered in Greenville, South Carolina.  Serving the Upstate of South Carolina and beyond since 1962, we offer a variety of personal and business coverage choices and can customize an insurance plan to meet your specialized needs for your business, homes, automobiles, recreational vehicles, secondary homes, and more. 

Information in this article is not all inclusive regarding the subject matter. This content is offered for educational purposes only.