What the Board Should Know About IT Risk Management

Steven Minsky | July 7, 2011

Recently, organizations have faced an increasing threat of cyber attacks, whether from external hackers such as LulzSec or from internal attacks such as WikiLeaks. Your customers’ personally identifiable information, your organization’s intellectual property, and your confidential files are all vulnerable to attack.

How prepared is your IT Risk Management? How vulnerable is your organization to a cyber-attack?  What would the consequences of a cyber-attack be on your organization? Your board needs to know.

The consequences of a successful cyber-attack reach far beyond legal or IT issues. An organization’s reputation, customer loyalty, and ultimately its strategic goals will suffer as a result, deeply affecting the bottom line.

A prime example is the PlayStation Network breach earlier this year. The security breach forced Sony to shut down its network for over a month, disrupting Sony’s revenue, operations, and possibly even future sales. What will ultimately hurt Sony as a result of the breach won’t be the legal ramifications or the cost of implementing better IT security. It will be the breach’s long-term effects on customer loyalty, reputation, and even market share.

What would the consequences of a data breach or other cyber-attack be on your organization? Are you prepared for an attack beyond IT resiliency?

With such high-publicity breaches at Sony, Epsilon, Lockheed Martin, and even the U.S. Chamber of Commerce, your board will want to know if your organization faces the same risks.

What Should You Present to the Board?

2018-02-01T10:32:00+00:00

About the Author:

Steven is a recognized thought leader in ERM, CEO of LogicManager, and co-author of the RIMS Risk Maturity Model. Follow him on Twitter at @SteveMinsky