Simon Pamplin discusses why data security needs to be high on the c-suite’s agenda, mapping data breach repercussions to the c-suite’s areas of responsibility and exploring the organizational and personal consequences.
Core responsibilities of the c-suite
The c-suite’s responsibility extends beyond overseeing the management and operations of a company; it ranges from financial performance to strategic planning and risk management.
According to the National Association of Corporate Directors, the core responsibilities of the c-suite can be summarised into the following areas:
- Strategy: developing and approving the company's overall strategic direction and ensuring that it aligns with the company's values and objectives.
- Financial performance: overseeing the company's financial performance, ensuring that it meets its financial goals and objectives, and maintaining accurate financial records.
- Risk management: identifying and assessing the risks associated with the company's operations and developing strategies to mitigate those risks.
- Corporate governance: ensuring that the company adheres to ethical and legal standards, including compliance with regulatory requirements and the protection of shareholder interests.
But how does the management and security of data fall into these responsibilities and why?
Why data security sits at c-suite level
Data has become one of the most valuable assets for companies of all sizes. The sheer volume of data being generated and stored by businesses has increased exponentially over the past decade, leading to increased risks and vulnerabilities associated with data breaches.
A data breach can result in financial losses, damage to the company's reputation, and even legal action, all of which can negatively affect the board's ability to fulfil its responsibilities.
Theft of customer data can have serious consequences, not only for the business as a whole but also for the individuals responsible for the business. In some cases, CEOs have lost their jobs following data breaches - highlighting just how important data protection is at the board level.
So just how do data breaches map to the c-suite’s responsibilities?
- Strategy: a data breach can cause serious disruptions to operations, leading to losses in productivity and revenue. This affects the company’s ability to achieve strategic objectives and, in some cases, causes complete revisions in strategic direction, depending on the severity of the breach.
- Financial performance: with the average data breach for enterprises costing millions, significant direct financial losses occur, and these cascade into the costs of incident response, investigation, and further legal fees. These are the short-term effects, but in the long term the losses can continue as businesses experience loss of revenue due to impacted productivity, as well as reductions in customer base and market value - seriously impacting the c-suite’s financial goals.
- Risk management: a data breach exposes the company to regulatory fines and legal action. The board is responsible for identifying and mitigating risks, including the risk of data breaches, to ensure the company's continued success. Holding the data team accountable for breaches is no longer enough to stay protected. Responsibility for organizational data sits at the top of the enterprise.
- Corporate governance: any media attention from legal action and regulatory fines can hugely impact the company's reputation and shareholder value, and loss of customer trust and confidence increases revenue instability and market value losses. Responsibility for ethical and legal standards sits at the c-suite level, including the protection of customer and shareholder data.
Too many senior leaders are still relying on the network security team to safeguard data. They are not probing enough to identify potential risks to the business, which could be considered reckless. Neglecting to safeguard data is equivalent to failing to protect the company, its employees, and shareholder value. Therefore, it is imperative that the c-suite understands the significance of data security and the impact it has on their accountability.
Simon Pamplin, CTO at Certes Networks.