Cybersecurity sneaks into the Board of Directors

In the area of communicating with investors and analysts, companies that are willing to share what the cybersecurity risks are should reflect how they are dealing with them.

Digitalization is a double-edged sword

The digitalization of companies has gone from being a phenomenon of increasing importance to consolidating itself as a macro-trend, omnipresent in all the fundamental aspects of everyday life. Despite the benefits and advantages derived from incorporating its efficiency elements, the risk of cyberattacks increases with the degree of digital dependency.

It is worth remembering the data breaches suffered by Sony Pictures in 2014, in which the perpetrators published personal information about employees and their family members, as well as unreleased movies and scripts for future projects, or ransomware attacks like the infamous WannaCry, which infected nearly 70,000 devices, paralyzing the British National Health Service and forcing companies such as Nissan and Renault to stop production. These cases demonstrated that the burden of responsibility for cybersecurity should not fall solely on the Chief Information Security Officer and/or the IT department, but should form part of the company's risk management policy. The new business reality, caused by the current health crisis, has further atomized these threats.

Keeping the Board of Directors well informed is part of the CEO's responsibilities

It is of the utmost importance that members of the Board of Directors understand the risks involved in operating from a vulnerable position. The Board, as a governing body, has a fiduciary responsibility and, as such, must be well informed of the company's risk management policies. In the field of digitalization, this means being up to date with cybersecurity policies.

Helping them to assimilate the need to invest in cybersecurity is one of the missions to which the Investor Relations function can contribute, because it will be a growing demand and concern of the market, as is happening with the field of ESG policies. This new dimension of risk will require an adaptation process at the level of corporate culture, processes and communication.

In the area of communicating with investors and analysts, companies that are willing to share what the risks are should reflect how they are dealing with them. In this regard, the Equity Story is especially important as a core communication tool, since in addition to being an opportunity to present the company's selling points, it offers the opportunity to explain the strategy in terms of risk management in general and, in the case that concerns us, the cybersecurity competence in particular. What steps are being taken to protect strategic operational information? What measures are applied to ensure the functioning of digital processes, both internal and external? These are some of the questions that investors can start asking us at one-on-one meetings.

As Chris Dimitriadis points out in his article "3 Ways to Speak the Board's Language Around Cyber Risk", in the debate within the Board of Directors it will be important to compare the company's cybersecurity practice with that of its competitors to identify relative gaps and, above all, to establish actions to cover them.

An Exercise in Credibility

Just as companies operating in countries with significant insolvency or currency risks must incorporate these aspects into their risk management policy, for digitalized companies, adopting a transparent stance on cybersecurity will be an exercise in credibility.

-

Francisco Blanco Bermúdez / Juan Jose Ros

Founding partner of Sigma Rocket