New technologies are emerging every day rapidly. Big data, cloud computing, and social media are some of the good examples of how technologies have transformed the way we analyse, store data as well as interact. Due to the sudden expansion in technology, cybersecurity and role of the audit committees have also become increasingly important.
According to Deloitte 2018 Tech Trend, the digital reality, cognitive, and blockchain—stars of the enterprise technology realm—are redefining IT, business, and society in general. As such, security activities can no longer be considered just the purview of the IT function. Such efforts are becoming tightly linked to broader business, governance, and risk activities for the audit committee, other board members, as well as management.
The extent of the audit committee’s involvement in cybersecurity issues varies significantly by company and industry. In some organizations, cybersecurity risk is tasked directly to the audit committee, while in others, there is a separate risk committee. Companies which technology forms the backbone of their business often will have a dedicated cyber risk committee focused exclusively on cybersecurity.
Regardless of the formal structure adopted, the rapid pace of data growth and the attendant risks highlighted by the recent security breaches reflects cybersecurity as a substantive, enterprise-wide business risk.
Audit committees should identify the trends, regulatory developments, and major threats, as the risks associated with intrusions can be severe and significantly affect shareholders. There are two foundation lines that the audit committees can keep in mind when overseeing cybersecurity risks.
Two Things to Keep in Mind
- How do we know what data is leaving the company, and what associated monitoring activities are in place?
- Do we have a response plan for cyber incidents? Is it up to date and have we practiced it?
We recommend every company’s Chief Information Officer (CIO) to be informed and act accordingly as to strengthen the organization’s state of security.