Some 42 percent of 11,340 surveyed US board members have a concrete response and crisis management plan in the event of a cyber-attack against their corporations.
With more and more US-based companies adopting the Internet as the favorite channel of communication, sales and delivery in the past decade, online safety has become a key concern in 2012.Â The 2012 Law and the Boardroom Study commissioned by The Corporate Board Member and FTI Consulting, Inc. reveals that both directors and general counsel â€“ two critical governance groups â€“ are now much more concerned about security strategies at the corporate level than they used to be one year ago.
Risks related to cyber-security are much more insidious than any other type of risk: they are more difficult to spot in time and have a wider scope than physical risks. The attacks attributed to the Anonymous group in 2011 and 2012, as well as advanced persistent threats at the network perimeter are nearly impossible to be managed by board members.
According to the report, in 2011, the median annualized cost of cybercrime was estimated at $5.9 million. 48% of the questioned directors and 55% of General Counsel said that data security should be a key concern, but only 42 of the managers currently have response and crisis management plans in the event of a cyber-attack. The rest of the questioned executives claimed that they either donâ€™t have a contingency plan (27%) while 31% were not sure whether they had a crisis management plan formally implemented.
The level of concern related to cyber-threats nearly doubled in the last four years. In 2008, only 24% of the questioned executives were concerned about data security.