Skip to main content
Jul 13, 2011

The corporate secretaries' response to a cyber attack

Network breaches are occurring more than ever.

In April, Corporate Secretary suggested ways corporations can protect their data. However, in the wake of the recent security breaches at Sony, Epsilon, NASA and Citi, the outlook for information security on the internet has turned decidedly gray.

‘Eighty percent of organizations suffered network breaches in the past 12 months,’ says Melissa Krasnow, a corporate partner with global business law firm Dorsey & Whitney’. ‘[Smaller] breaches, in addition to these high-profile ones, are occurring frequently.’

The number of successful network security breaches over the past 12 months.

bar chart
Source: Perceptions about Network Security study conducted by Ponemon Institute, June 2011.

You may not realize it now, but security breaches can happen at anytime.

According to ‘Perceptions About Network Security’, a survey released in June that tracked security breaches in the US, the UK, France and Germany, roughly 90 percent of the 583 companies polled claim that they've experienced a network security breach by hackers at least once in the past year. The survey also suggests these attacks can be costly as 41 percent of respondents say their company spent $500,000 or more to repair the damage incurred.

Krasnow, who is also a Certified Information Privacy Professional, provides a few practical steps corporate secretaries should follow in order to respond to a data breach:

(i) Be cognizant of the types of personal data covered by 46 state data breach notification laws, including social security numbers, which could belong to a shareholder, board member, employee or customer.

(ii) Determine whether your company has procedures in place for responding to a possible data breach and help make sure those procedures are complied with on a regular basis.

(iii) Carefully think through all communication about the data incident or breach, by taking into account SEC and related disclosure requirements, and coordinating with your company’s privacy office, information technology, internal and external public relations professionals, the legal department and outside counsel.

(iv) Consider cyber-insurance coverage; your company’s insurance broker can provide more information. This can help ease insecurities that may arise.

(v) After a data incident or breach, review company policies, procedures and practices to determine whether any changes are warranted.

The report, conducted by Ponemon Research and sponsored by equipment and software firm Juniper Networks, calculates the threats companies face in protecting themselves from these unlawful intrusions.

Not surprisingly, 59 percent of the surveyed companies — which range from organizations with less than 500 employees to those with more than 75,000 — experienced two or more breaches within the last year.

As cyber crimes continue to escalate, it’s important for corporations to learn important lessons before hackers penetrate deep into their data system and silently steal information – at anytime.

Aarti Maharaj

Aarti is deputy editor at Corporate Secretary magazine