The rapid shifts that companies made in 2020 and the first half of 2021 to keep their businesses up and running during the COVID-19 crisis—remote work arrangements, supply-chain adjustments, and increased reliance on online platforms—were a boon for organized crime, hacktivists, and nation-states. Cyberattacks of all types proliferated during the pandemic, and recent headlines of brazen attacks—from the SolarWinds1 breach to the ransomware attack on the Colonial pipeline2—with far-reaching implications for supply chains and the economy highlight the ongoing cybersecurity challenge facing companies.
Indeed, the acceleration of digital strategies, the likely continuation of remote work and hybrid work models, and increased regulatory scrutiny of data privacy continue to elevate cybersecurity and data governance on board and audit committee agendas.
As boards refine their boardroom cybersecurity and data governance discussions and oversight processes, the following considerations may be helpful.
1 SolarWinds Hack Victims: From Tech Companies to a Hospital, Wall Street Journal, December 21, 2020.
2 Pipeline Attack Yields Urgent Lessons About U.S. Cybersecurity, New York Times, May 14, 2021.