An entire organization needs to be involved in managing its cyber risk – not just one person or one department. Collaborating as a team is the best approach to ensuring cyber risk readiness. In a recent blog, author Kurtis Suhs takes the position that the General Counsel should be coordinating all colleagues’ efforts in managing cyber risk. This may not be the best solution for every company, but the central point stands: managing cyber risk is a team effort that involves every department. At any firm, “cybersecurity is not just an IT issue, but a business strategy that may create legal obligations for the organization.” Each department has a unique role to play in managing cyber risk, from the Board of Directors to facilities management. Below is an overview of the key tasks each department performs in building cybersecurity within an organization.
- Board of Directors: “The board is ultimately liable for a company’s missteps and responsible for its survival. In today’s interconnected world, cyber risk management and resilience is a big part of that responsibility.”
- Information Security: This team should develop a cybersecurity program which includes data inventories, risk assessments, compliance strategies and incident response plan testing.
- Risk Management: This team needs to work to protect the firm in case there is a cyberattack. This includes getting the appropriate cyber coverage in place for the organization’s needs.
- Human Resources: It is critical that employees are trained on the cybersecurity, data security and security awareness policies in place. It is equally important to ensure these policies are properly written and enforced.
- Facilities Management: This group is involved in an information security plan because it is responsible for physical security and protecting physical assets.
- Law Enforcement: Organizations should establish a relationship with law enforcement in advance so that, if a cyber incident occurs, they can contact the right people quickly. The sooner law enforcement is involved in the event of a social engineering and/or wire fraud attack, the more likely it is that funds can be recovered.
Cyber risk does not affect only one department; it impacts the entire organization. Managing cyber risk requires the same level of connectivity. Whether or not it makes sense for your General Counsel to oversee cyber risk, developing a governance structure with a multi-division foundation is vital to protecting your organization. Speak to a trusted advisor today to determine the best team structure for building your company’s cybersecurity.