Cybersecurity and Technology Trends and Tactics in the Boardroom and Beyond

A group of people standing in the background with a digital globe superimposed in front of them
Author
MarketInsite
Published

Digital advancements have redefined communication, streamlined organizational procedures, and modernized data processing and distribution. As more conveniences and possibilities surface—and software, platform, and device capabilities evolve—so does the risk of cyber-attacks. This can be especially true for larger organizations. Just as digital advancements can be seen as the stepping-stone for organizational improvements, they can also be used for harmful tactics, like data theft, ransomware, and other potential breaches.

Today, a point has been reached where it is no longer plausible to wonder if an organization will be met with a threat, but rather when. Accepting this, the future of cybersecurity boils down to essentials like risk mitigation, preparedness, and education. Taking it a step further, organizations—and their boards—may also consider how trends, like artificial intelligence (AI), are disrupting the cybersecurity landscape.

Cyber Risk Mitigation Tactics

In parallel with digital advancements and streamlining organizational procedures, the risk of cyber-attacks grows every day. For many organizations, cybercrime has imposed devastating financial consequences from ransomware, data recovery costs, and customer loss. According to an IBM report, the global average cost of a data breach in 2023 was $4.5 million, which is a 15% increase over three years—and continued growth is anticipated. Given the possibility that organizations may experience a cyber-attack or data breach, it’s important to drive awareness across stakeholders to help prepare. Some ways to prepare include:

  • Scenario planning. Practice is key. At the board-level, it is important to practice tabletop exercises with different ‘what if’ scenarios. The goal of the exercise is to enable board members to understand cyber risks, better anticipate cyber-attack scenarios, and know how to best respond. Beyond the board, organizations may also encourage executive teams and other departments to complete similar exercises.
  • Awareness and education. Cybersecurity matters can be intimidating for employees. Still, everyone’s efforts are needed to help decrease cyber-attack effects. Organizations should foster a cybersecurity-first culture, as well as make sure employees are able to detect and report signs of a breach, like phishing emails, viruses, and other attempts to gain unauthorized access to sensitive data.
  • Security programs. Zero-trust architecture, a type of security model that emphasizes the absence of implicit trust, may help prevent cybersecurity attacks. It does so by assuming every attempt to access data is potentially harmful, and requests additional identification or other steps to permission access. This type of security can strengthen defenses against data breaches and enhance an organization’s digital security.

Cybersecurity Preparedness 

Cyber breaches can lead to a loss in stakeholder trust, as well as financial and reputational consequences for organizations. As the number—and complexity—of cyber-attacks continues to increase, stakeholders are tuning in. They expect organizations to exhibit robust security measures and readiness for possible cyber threats. Keeping cybersecurity at the forefront of all operations requires extensive education for everyone within the organization, stemming from the top-down—at the board-level.

For board members, cybersecurity has become a critical priority. Board members are tasked with making strategic decisions to meet cybersecurity standards, as well as allocate resources and implement policies that can help ensure cyber threats find little to no opportunity for a potential attack.

To keep pace with digital advancements, boards may look to fill seats with cybersecurity expertise. Moreover, it’s important for boards to stay informed on the topic through education and external resources. One of the many responsibilities of the boardroom is to ensure that their organization demonstrates high security processes and that they are prepared for potential cyber-attacks. Board members want to be well-educated around cybersecurity trends and data, so they can ask the right questions, implement the proper protocols, and communicate risk mitigation tactics with stakeholders.

The Evolution of AI in the Boardroom

With AI being used now more than ever before, boards should be educated on the topic and understand how it can bring new opportunities to organizations and help reimagine processes.

First, it’s important to note that “humans are accountable for AI,” according to Saira Mohammed, Chief Security Advisor at Microsoft. “Humans are accountable for its performance, ethics, and growth. No AI system can be effective unless it’s grounded in the right data set. It needs to be tuned and continuously subjected to feedback from humans.” Leading by example, Mohammed shares that Microsoft is committed to a practice of Responsible AI by design, which is a framework guided by a core set of eight principles, including security and privacy. Microsoft adopts the principles earlier in the lifecycle during system design, as well as throughout the entire lifecycle. This practice ensures the appropriate controls and mitigations are baked into the system being built, instead of being bolted on at the end.

AI can be a key component in boardroom progression as well, especially as boards get more comfortable with it and its use becomes more normalized. Boards may observe improved workflows and productivity—all while executed with more security and efficacy. This is largely due to generative AI, which focuses on content creation. In addition to content creation, generative AI can offer great assistance with a wide range of boardroom and governance needs, like predictive analytics, data automation and compilation, and more.

“The mainstream offset of AI brings key opportunities to organizations,” says James Harley, Head of Product Strategy at Nasdaq. “They can repurpose some organizational processes, but that also brings with it risk and susceptibility to threat, as access to information increases.”  So, it’s important to be mindful that generative AI can produce inaccuracies. An AI system’s functions and effectiveness are largely due to its foundation: the data. False or biased data can lead to problems with the output. At the end of the day, it’s important to monitor actions and mitigate risk based on transparency, accuracy, and honesty—and that’s where the human element also comes into play.

Equip Your Board with the Right Technology

Given the digital advancements and heightened focus on cyber resilience, data privacy, and crisis management, finding the right technology for board collaboration has become critical to organizational success. Nasdaq, ranked among the top 100 risk technology providers on the Chartis RiskTech100 2023 list, equips boards with technology, like Nasdaq Boardvantage, which can help support business continuity during a cyber-attack. Learn more: nasdaq.com/solutions/governance/boardvantage.

A group of people standing in the background with a digital globe superimposed in front of them

MarketInsite

Nasdaq

Nasdaq’s Marketinsite offers actionable insights on a variety of market-moving topics. Learn from our thought leaders who are driving the capital markets of tomorrow.

Read MarketInsite's Bio