Rewiring Boardroom Cybersecurity

The hackers were able to install malware on Target’s point-of-sale (POS) systems, which allowed them to steal the credit and debit card information of approximately 40 million customers, as well as the personal information of 70 million customers including names, addresses, and phone numbers. Target had to pay out millions of dollars in settlements and fines, including a $18.5 million settlement with 47 states and the District of Columbia, as well as a $10 million class-action lawsuit settlement with affected customers. The breach also led to a drop in sales and stock prices, with Target reporting a $17 million loss in profits during the fourth quarter of 2013. Multiple board members, including Kenneth Salazar, Mary Dillon, Roxanne Austin, and CEO Gregg Steinhafel were called to testify before Congress.

The breach involved hackers accessing the personal and financial information of approximately 143 million Equifax customers, including names, birth dates, Social Security numbers, and credit card information. The breach also exposed driver’s license numbers for some customers. Equifax had to pay out millions of dollars in settlements and fines, including a $700 million settlement with the Federal Trade Commission (FTC) and other government agencies, and a $380.5 million settlement with affected consumers. The breach also led to a drop in Equifax’s stock price, and the resignation of several high-ranking executives. Richard Smith, then CEO of Equifax, was summoned before Congress in October 2017. Testimony also included current and former board members, including Mark Feidler, John McKinley, and Edith Cooper.

It’s well-understood today that the threat of cyberattacks poses a significant risk to companies in reputation, business continuity, and financial losses. Yet despite these and many other high-profile examples, companies and boards continue to make fundamental mistakes in their cybersecurity policies such as relying on regulatory compliance as a complete defense or relegating cybersecurity to a simple IT issue. Even as the level of awareness on this imminent threat has increased, it hasn’t necessarily translated into the required level of commitment at the board level, or ideally the appointment of a director with a spike on cybersecurity.

With such high stakes on the line, it’s clear that cybersecurity is an indispensable competence in the boardroom. In this e-book, author Dr. Moudy Elbayadi, CTO of Shutterfly and author of Big Breaches: Cybersecurity Lessons for Everyone, offers a concise and practical playbook for boards of directors to improve their understanding of cybersecurity issues and challenges, create a systemic approach to improve their company’s defenses, and prepare for potential attacks with an integrated, holistic plan.

Our hope is that these resources take your organization’s cyber-preparedness to the next level.

Are you ready to rewire your board?

William Houston
Member of Egon Zehnder’s Cybersecurity Practice Group