Cybersecurity and Short-Termism: Two Key Areas of Governance Risk Examined in New Research from The Conference Board
NEW YORK, Oct. 29, 2015 /PRNewswire/ -- The Conference Board today launched two major reports on topics poised in the years ahead to become—where they are not already—defining governance challenges for companies around the globe. The first report surveys prevailing threats, exemplary and cautionary case studies, and emerging best practices in managing cyber risk. The second investigates the dangers of short-term thinking for individual firms and the economy as a whole.
From Ridiculous to Ruinous, Escalating Cyber Risks Demand Proactive Governance
The past year has seen new breaches of cybersecurity revealed in the media on a seeming daily basis, with implications ranging from the embarrassingly personal (35 million adultery-website users "outed" by hackers) to the ominously political (state-sponsored theft of an entire Fortune 100 executive team's data, including Social Security numbers and health records.) Indeed, the sheer volume, variety, and audacity of high-profile cyber-attacks should disabuse leaders of the notion that any organization—commercial, governmental, or otherwise—is immune from the threat.
Emerging Practices in Cyber Risk Governance helps boards, C-suites, and frontline top managers develop the vigilance and resilience to thrive even as technology evolves and vulnerabilities proliferate faster than ever before. Drawing on publicly available data and the first-hand experience of leading corporations, think tanks, associations, and experts, the report provides a framework for guarding against the full gamut of internal and external cyber risks. To this end, it analyzes the lessons and impact of five high-profile security breaches, involving Target, JP Morgan Chase, Anthem, Sony, and the U.S. Office of Personnel Management. Alongside these cautionary examples are five case studies of Fortune 250 companies that have mitigated major cyber risks through a more proactive governance approach.
"In an age of hypertransparency and superconnectivity, cyber risk is not a standalone issue but one that interacts with other challenges at every level of a firm's business plan and strategy," said Andrea Bonime-Blanc, author of the report and CEO and founder of GEC Risk Advisory LLC. "These include everything from the risks third parties pose to supply chains and intellectual property, to human capital risks around employee/insider access to secure assets, to geopolitical and physical security risks associated with state-sponsored industrial espionage. Reputational fallout, moreover amplifies the risk—and potential damage—at every level. Boards and management alike must make cyber risk a central element of planning before an incident occurs."
Taking off from the latest trends, threats, and best practices, Emerging Practices in Cyber Risk Governance lays out ten keys for addressing the challenge:
1. Developing a triangular governance approach to cyber risk management that joins the board, CEO/C-suite, and frontline talent
2. Understanding the reputation damage to strategic cyber risk management gone wrong
3. Knowing the organization's cyber risk actors and stakeholders
4. Having a deep understanding and focus on organizational "crown jewels"
5. Engaging in a relevant cyber risk public–private partnership
6. Developing a cross-disciplinary approach to cyber risk management
7. Developing a cross-segmental/divisional approach to cyber risk management
8. Making cyber risk governance an essential part of organizational resilience
9. Choosing one of three proven cyber risk governance models: Vigilant, Integrated, or Command & Control
10. Transforming effective cyber risk governance into an opportunity for better business
Rebalancing Short-term Responsiveness and Long-term Responsibility
The second report, Is Short-Term Behavior Jeopardizing the Future Prosperity of Business?, examines the increasing pressures organizations face to prioritize immediate financial performance over long-term sustainability, and reviews proposed solutions—for recalibrating the balance. Moving beyond the heated rhetoric generated by headline stories, it offers a rigorous analysis of the four most impactful (and controversial) drivers of short-term behavior: activist hedge funds that agitate for immediate shareholder value above all else; executive compensation design that does not promote a "buy and hold" mentality; "quarterly capitalism" preoccupied with the next earnings report; and changes in capital markets in which trading has supplanted investment.
"Business investment has declined substantially in the last decade as compared with profits available for investment," said Donna Dabney, executive director of The Conference Board Governance Center and a co-author of the report. "Instead, public companies have increasingly spent their cash on dividends and stock buybacks to the point that payouts to shareholders in the second quarter of 2015 exceeded free cash flow."
"In coming years, growing labor shortages in mature countries are likely to cause corporate profitability to fall from the exceptional highs in the post–Great Recession," said Gad Levanon, labor markets lead at The Conference Board and a co-author of the report. "This will increase pressure to demonstrate short-term performance even further in the near future."
According to the authors, public corporations have been the engine of growth and prosperity since the beginning of the twentieth century, but future prosperity is being jeopardized by the short-term focus of many market participants on extracting value today instead of creating value for the future. The report lays out a number of steps public corporations, their investors, and policy makers can take to balance short- and long-term performance.
For complete details, visit:
Emerging Practices in Cyber Risk Governance
by Andrea Bonime-Blanc, with Melissa Aguilar, Gad Levanon, and Alexander Parkinson
https://www.conference-board.org/cyber-risk-governance/
Is Short-Term Behavior Jeopardizing the Future Prosperity of Business?
By Donna Dabney, Melissa Aguilar, Gad Levanon, and Alexander Parkinson
https://www.conference-board.org/short-termism/
About The Conference Board
The Conference Board is a global, independent business membership and research association working in the public interest. Our mission is unique: To provide the world's leading organizations with the practical knowledge they need to improve their performance and better serve society. The Conference Board is a non-advocacy, not-for-profit entity holding 501 (c) (3) tax-exempt status in the United States. www.conference-board.org
SOURCE The Conference Board
Share this article