India Insights with Geetha Nandikotkur

Audit , Electronic / Mobile Payments Fraud , Enterprise Mobility Management / BYOD

Do Boards Understand Cybersecurity?

Corporate Leaders Need to Comprehend How Any Risk Could Jeopardize the Business
Do Boards Understand Cybersecurity?
(From left) Bithal Bhardwaj, GE; Sanjay Sahay, Karnataka Police; and Ajay Kanwal, Jana Small Finance Bank

Many corporate boards of directors in India have made progress in recognizing cybersecurity as a priority. But clearly, they still have a lot of work to do.

That was the consensus of security experts participating in a panel discussion at Information Security Media Group's recent Fraud and Breach Summit in Bengaluru.

"It is important for the board and security teams to work together, bringing about a culture and awareness on how threats could emerge in different forms." 

"Enterprises have come a long way in dealing with security; every organization today has an enterprise risk management framework to deal with financial, social, security and multiple other risks as it causes business disruption," said Bithal Bhardwaj, CISO, international regions, for GE.

But, he added, "The board must understand the implications of cybersecurity in terms of the overall risk structure and be part of the risk management framework to understand how any risk could affect organizations and jeopardize business."

Need for Awareness

Ajay Kanwal, managing drector and CEO at Jana Small Finance Bank, said that although the financial industry is way ahead of other business sectors in dealing with cybersecurity challenges and meeting regulatory compliance, boards still need to improve their awareness of the issues.

"While understanding of compliance issues exists, a lot more education is required regarding the basics of security, including understanding how a malware affects the entire organization with an email compromise," Kanwal told summit attendees.

Sanjay Sahay, additional director general for the Karnataka Police, who chaired the session, noted: "It is important for the board and security teams to work together, bringing about a culture and awareness on how threats could emerge in different forms - whether through insiders, external hackers or malware invasions."

Winning Budgetary Support

Once boards actually take responsibility for assessing risks and overseeing data protection, CISOs will find it easier to win support for an adequate cybersecurity budget, Bhardwaj said at the summit.

"Large corporations still are regulatory and process driven, but the challenge lies with small and medium-sized businesses, which still have not been compromised by security breach situations," Kanwal said. "Hence, the senior management plays a significant role in bringing about awareness."

Bhardwaj pointed out that the security environment is changing as IoT and other smart devices become more common in enterprises. "It's time to enhance policing and ensure that teams ask the right questions to bring regulatory controls across the enterprise's spectrum and build the value of security as a business enabler," he said.

All boards should take steps to ensure that they have at least one board member with expertise in technology to help it make the right budgetary decisions for security, Sahay said.

While understanding risks is critical, boards also should also take the responsibility for helping eliminate any obstacles to the smooth functioning of security operations.



About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Managing Editor, Asia & the Middle East, ISMG

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.asia, you agree to our use of cookies.