Why Boards of Directors Are Losing Sleep Over Data Breaches
As with many news stories, we become numb to the constant barrage of data breaches and begin to think that they are both normal and acceptable. In fact, just last month it was revealed that thousands of patient records were held for ransom in an Ontario home care data breach in Canada. Similarly, data breaches in the healthcare sector continue to plague the United States.
Sidebar: In the Ontario case, the breach was announced in June 2018; however, the full extent of the situation is only recently coming to light because the group claiming responsibility reached out to CBC. In addition, some of the victims claim they have not yet been notified.
If you are a business owner or a member of a board of directors, news reports of this nature are likely causing you to lose sleep. And, if they don’t, they should. Data privacy, breaches and the impact on the business’ bottom line should be top of mind. Protecting, or not protecting, the personal data of your customers/clients and/or employees is serious business. It could cost you thousands, millions or even result in ceasing operations. Regardless, as a business owner or a board member, your fiduciary duty may be greater than you are aware of. Data or security breaches should never be thought of as normal or as part of the ordinary course of business operations. More than ever, board members need to demand that the proper investment and human resources are allotted to protecting the organization’s data. It is also no longer acceptable to lack awareness of data protection and cybersecurity risk management, or to fail to increase your knowledge of them.
If you are a consumer, you should never accept that data breaches are normal. You should also never accept that your privacy is a thing of the past. Data is valuable. Your data is extremely valuable to you and your peace of mind. You own your data.
Increasingly, privacy laws are being strengthened, and for good reason. As consumers, we have a right to protect our personal information. And, if this information isn’t adequately protected by businesses or organizations, then they should be liable for the breach and its ramifications for those whose data they hold.
The good news is that many business leaders know and understand that data breaches and privacy do matter. They matter to boards of directors because they do have significant financial ramifications. For example, with the General Data Protection Regulation now enforceable, it means significant fines for anyone doing business in Europe. In fact, the research is clear. More and more boards are considering the critical importance of IT oversight and cybersecurity. According to PricewaterhouseCoopers (PwC), “less than one-fifth of directors are satisfied with the current levels of expertise on their boards. Only 19 percent say they have enough IT/digital expertise and don’t need more, and only 16 percent say the same about cybersecurity.”
So, what does this all mean? It means dollars. It means thousands, hundreds of thousands and possibly millions of dollars in fines and penalties. Some organizations are still playing Russian roulette, in the sense that they will gamble with the fines at the time that an incident occurs. That is an interesting approach for a one-time event. However, the gamble may not pay off when board members are held accountable too, or if customers and investors walk away. Additionally, assuming that it is a one-time event is both naïve and short-sighted.
The risk of a data breach increases daily and the time to act is now. The time for consumers and investors to hold the feet of executive teams and boards of directors to the fire is now.
Want to talk more about privacy, communications and board governance? Connect with us.