The corporate secretaries' response to a cyber attack

Network breaches are occurring more than ever.

In April, Corporate Secretary suggested ways corporations can protect their data. However, in the wake of the recent security breaches at Sony, Epsilon, NASA and Citi, the outlook for information security on the internet has turned decidedly gray.

‘Eighty percent of organizations suffered network breaches in the past 12 months,’ says Melissa Krasnow, a corporate partner with global business law firm Dorsey & Whitney’. ‘[Smaller] breaches, in addition to these high-profile ones, are occurring frequently.’

The number of successful network security breaches over the past 12 months.

bar chart
Source: Perceptions about Network Security study conducted by Ponemon Institute, June 2011.

You may not realize it now, but security breaches can happen at anytime.

According to ‘Perceptions About Network Security’, a survey released in June that tracked security breaches in the US, the UK, France and Germany, roughly 90 percent of the 583 companies polled claim that they've experienced a network security breach by hackers at least once in the past year. The survey also suggests these attacks can be costly as 41 percent of respondents say their company spent $500,000 or more to repair the damage incurred.

Krasnow, who is also a Certified Information Privacy Professional, provides a few practical steps corporate secretaries should follow in order to respond to a data breach:

(i) Be cognizant of the types of personal data covered by 46 state data breach notification laws, including social security numbers, which could belong to a shareholder, board member, employee or customer.

(ii) Determine whether your company has procedures in place for responding to a possible data breach and help make sure those procedures are complied with on a regular basis.

(iii) Carefully think through all communication about the data incident or breach, by taking into account SEC and related disclosure requirements, and coordinating with your company’s privacy office, information technology, internal and external public relations professionals, the legal department and outside counsel.

(iv) Consider cyber-insurance coverage; your company’s insurance broker can provide more information. This can help ease insecurities that may arise.

(v) After a data incident or breach, review company policies, procedures and practices to determine whether any changes are warranted.

The report, conducted by Ponemon Research and sponsored by equipment and software firm Juniper Networks, calculates the threats companies face in protecting themselves from these unlawful intrusions.

Not surprisingly, 59 percent of the surveyed companies — which range from organizations with less than 500 employees to those with more than 75,000 — experienced two or more breaches within the last year.

As cyber crimes continue to escalate, it’s important for corporations to learn important lessons before hackers penetrate deep into their data system and silently steal information – at anytime.

1 comment

You must be registered to comment.

Please Sign In or Register.

  1. John Kidder|

    For almost any corporation, it will be less expensive and more secure to trust governance data to outside service providers,who have the resources and the competency to maintain highly secure and up-to-date facilities. Internal IT personnel, no matter how good they are, generally have neither the competency nor the resources to match outside services.

Electronic board solutions: the high price of low-cost approaches

Today there are more reasons than ever to move to electronic board communications, and many different types of solutions to support this move. Many companies migrate directly to portal solutions designed specifically to support boards, while others choose generic software or create their own internal approaches, believing these to be lower-cost alternatives.Instead of gaining an improvement over paper, however, too many organizations end up paying a high price for solutions that ultimately fail to deliver on expectations. Lean how your organization can avoid these costly pitfalls.

Click here to download the report