By 2021, cybercrime will cost the world economy an estimated $6 trillion annually, up from $3 trillion in 2015 (Cybersecurity Ventures). No longer solely the concern of IT departments, the greatest transfer of economic wealth in history must be addressed — as a top priotity — by stakeholders of businesses and nonprofits of all sizes. 

Indeed, with recent earth-shattering breaches — like that of Equifax — and increased litigation against board members following privacy breaches, the subject of cyber security is finally getting added to the board meeting agenda.

To help your leadership team clearly establish your company's cyber security stance, here are 3 conversations moving from the server room to the board room (and it's not just for Fortune 1000 companies): 

1. Have We Already Been Breached?

First, you must rip off the band-aid. The ethical response to the statistics (which say companies of all sizes are likely to have already experienced a breach) is to determine what data has already been exposed and to report it to the appropriate channels.

Action Item: Bring in a legal specialist and a 3rd party security auditor to examine potential breaches with your IT department.

2. We Are Responsible.

The second point of discussion is to formally acknowledge that all company stakeholders are ultimately responsible for securing your company's data. Former Equifax CEO Richard Smith, for example, claimed a security staffer failed to complete their responsibilities—this attempted blame shifting is now being thoroughly evaluated by the federal judicial system.

Action Item: With the input of a cyber security consulting firm, renew your chain of responsibility and  implement new weekly reports and check points for increased accountability. Consider designating a board committee to oversee cyber security matters. 

3. How Will We Detect and Respond to Future Attacks?

The final point of conversation won't be limited to a one-time discussion. Evaluate the strength of your essential cyber security practices, personnel, and partners. 

Action Item: Document your methodology for detecting and responding to future attacks, ensuring that all vectors of cyber attack are accounted for. 

Creating a Unified Response

Before initiating these conversations in the board room, you may need to discuss the real risk posed to companies like yours. We suggest reviewing Verizon's 2017 Data Breach Investigation Report to see how companies in your industry are being targeted by hackers. 

To provide your executive team and board of directors with an overview of your company's security policies and risks, consider a Security Framework Assessment. An executive report provided by an unbiased, third-party auditor can take board room conversations and translate them to actionable insights. 

By Charles Johnson, CEO of EDTS Cyber. For more information, visit www.EDTScyber.com,  call 855.411.3387 or email Charles Johnson [email protected] for a free consultation.