How to prevail when technology fails - Flipbook - Page 40
“Data breaches have happened for many years. But what’s new,
especially for those in Europe, is that collective or class action litigation
now follows.”
Christine Gateau | Partner, Hogan Lovells
Headline-grabbing penalties and damages
mean that most businesses are now aware of the
potential consequences: two-thirds of businesses
acknowledge that there is a modest or significant
risk of a regulatory investigation or litigation
following a data breach. Our survey data also shows
that many are not doing enough to mitigate this.
More fundamentally, most boards are not yet giving
technology risks enough attention.
Cyber risk is a boardroom issue
To ensure that the cybersecurity mitigation
measures knit together to form the strongest possible defense, senior management and the board
need to play an active role in overseeing how cyber
risks are managed.
There are two further reasons for this. First, major
strategic business decisions can create cyber risks
and vulnerabilities. A strategic move by a traditional
manufacturing company into producing goods that
process sensitive personal data, or a decision to
invest significantly in new technology, can create
extra cyber risks. Second, regulators increasingly
call on board directors to actively oversee
technology risks.
But our survey data shows that 60% of boards
only oversee technology risk “to a minor extent.”
Just 9% look at it “to a significant extent,” whereby
they oversee management of a broad range of
technology risks and deem them to be as important
as traditional risks, such as financial risk.
In order to manage technology risk effectively,
boards need to understand the nature of the threat.
But there is significant scope for improvement here:
just 37% of surveyed businesses are more than
“somewhat confident” that senior executives at their
business understand the risks associated with the
technology they are developing and implementing.
One practical way to improve executive management
of technology risk is to establish an executive subcommittee that specifically addresses these issues.
“Technology risk should be a priority for C-level
executives,” says Matthew Owens, Global Head of
Legal, Digital, at Novartis. “This is a key priority for
us as we fulfill our strategic goal to go big on data
and digital.”