Data security is becoming an increasingly pressing concern for directors and general counsels, a recent survey has confirmed.
Legal Risks on the Radar, a special report issued by quarterly publication Corporate Board Member and FTI Consulting, Inc. earlier this month (August 13), sought to gain insight into what the biggest legal concerns were amongst decision makers and solicitors.
The respondents included more than 11,000 directors and nearly 2,000 general counsels from across the USA.
Of the respondents, 48 per cent of directors named data security as a serious concern going into the future. Operational risk (40 per cent), company reputation (40 per cent) and M&A Transactions (37 per cent) were also amongst the most recognised threats.
The general counsels surveyed gave a similar response, with 55 per cent labelling data security as a concern. 47 per cent named operational risk, while 38 per cent said management of outside legal fees was a concern.
Those numbers show a massive increase from the 2008 survey, in which only 25 per cent of directors and 23 per cent of general councils named data security as an area of high concern.
"Today, there is arguably no more insidious threat to a public company than that of cyber risk; it’s invisible, ever-changing, and pervasive – making it very difficult for boards to manage," reads the official report.
Other factors relating to vulnerability management, including company reputation and disaster recovery, were also named by both groups.
The results would seem to indicate that more business leaders and general counsels are now seeing the value of strong cyber security, and highlights just how valuable procedures such as penetration testing and performing a regular security audit are becoming.
However one concerning statistic revealed by the survey is that 27 per cent of directors said that they did not have a crisis management plan in place for dealing with a cyber attack.
Nearly one third of directors (31 per cent) said that they were unsure about what their plans were for dealing with a serious cyber security incident, while 42 per cent said they had taken steps towards identifying a crisis management plan.
That is surprising in light of recent high profile cyber incidents which have seriously affected global organisations and compromised user data.
The survey also touched on the usage of social media in the workplace, an important area when we consider the danger of social engineering in the modern digital landscape.
Surprisingly, only 39 per cent of directors and general councils said that they currently had a social media policy in place while 60 per cent said that they felt their board did not have a good handle on the risks associated with corporate social media.