Landmark Information: Data security on the governance agenda
Data security is now a fundamental consideration for modern business and has been widely recognised as a key ESG governance issue for some time. Depending on the ESG standard or framework you look at, it may be determined a ‘material’ or key risk to your company according to the nature of operations you conduct or industry you sit within. It can be argued that data security may have greater financial implications for certain sectors, such as technology and communications or aerospace and defence. However, all businesses and organisations now rely on ITC systems for day-to-day functions, as well as for the processing and storage of sensitive financial or personal information either in relation to their employees, their customers or their own intellectual property.
For example, the impacts of a recent cyber-attack involving CTS, an IT partner for the legal sector, are wide ranging and have had huge implications for as many as 80 conveyancing firms whose case management systems were taken offline. The BBC highlighted both the emotional and financial impact this was having on property buyers and conveyancers as both were left in limbo following the incident.
In today’s digital world, the impacts of cyber-attacks or data breaches have been shown to significantly impact companies in a number of ways; they not only prevent the business from operating in terms of reduced performance or productivity, in turn, impacting customers, but also through financial penalties, as well as the harder to calculate outcome of reputational damage. Forbes recently published an article referencing the likely data/cyber-security issues and challenges in the year ahead for companies, organisations and governments. This included an anticipated increase in disruptive ‘hacktivism’ surrounding major global events such as the Paris Olympics and various global elections. The continuation of global conflicts is another consideration; as geopolitical tensions continue to rise, key ICT systems are increasingly vulnerable to cyber-attacks. Another area of concern is also expected to be targeted risks on digital infrastructure of individual companies from cyber-criminals using ransomware.
How can companies mitigate such risks when so many are reliant on and interact with third-party systems and software? Effective data and systems security management practices and strategic risk management can all help to reduce risk, which comes back to good governance. Cyber-security should be high on the agenda at board level in organisations and for those responsible for risk management, which should include regular reviews of systems and industry best practice, as well as a requirement for ongoing employee training. However, no strategy or approach can reduce risk entirely, and cyber-security experts are suggesting more tailored approaches are necessary to mitigate specific vulnerabilities and threats as cyber-attacks become more sophisticated and damaging. Are you ready to help your firm transition to a better future? Learn more about Landmark’s Sustainability Training Services.