Tuesday, July 26, 2011

Board Members need to review Information Security on par with Financials!

The News of the World phone hacking scandal made a big splash in world headlines. The scandal, in which reporters allegedly paid hackers to hack into the voicemails of prominent people, celebrities and even a young murder victim to create front-page news for the tabloid, enraged the UK. The drama continued with Rupert Murdoch and his son James being placed in front of a congressional committee, embarrassing links to the UK Prime Minister and police force, and the voluntary closure of the tabloid. The effects ran deep, eroding the brand value of the largest media empire and the credibility of a powerful entrepreneur, bringing up uncomfortable questions on the integrity of the newsgroup’s acquisitions, and impacting stock value.
In the congressional review, Rupert Murdoch said he was unaware of what was going on. I believe him, but does that absolve him of accountability? In the eyes of the parliament and the people, it did not.
This incident is not isolated. There are others where companies have not ensured the security of private data and suffered serious data breaches. In each of these cases the answer from the board was “I did not know”.
All these examples had the boards offering a public apology for what happened. This in itself underlines how significant the reputational impact of such a breach is on today’s Internet-savvy consumers.
The most significant learning is that security and safety are boardroom issues. The Board has to review the security dashboard of an organization in the same way it reviews its financial numbers. No longer will Boards have the luxury of treating information security as a hygiene factor and feigning ignorance.
The writing is on the wall.
