What Directors Think About Data Security and Cyber Risk

Don Miller

NYSE Governance Services collaborated with partners on a revealing survey of directors who serve on the boards of US-based, publicly traded companies.  The survey, named “What Directors Think,” analyzes directors’ opinions on a variety of topics.  Given that this blog is called MFT Nation, we will focus on those topics near and dear to our hearts—managed file transfer (“MFT”), information technology (“IT”) and data security.

IT is on Their Radar

The first item worthy of note is that IT is now very important to corporate directors.  How important?  According to the survey, an IT background (including the ability to oversee cyber security risks) is one of the top four attributes directors would look for when appointing a new director.  The survey also found that “IT strategy” is among the top five topics directors would include if setting the agenda for their next meeting.  These results must bring a smile to the faces of IT professionals who read the MFT Nation blog, especially those who have been laboring in relative obscurity for so many years.                                                                                                                                                    

They Want to Understand IT/Cyber Risk

The survey has even more highlights for IT professionals.  The increased importance of IT has lead to an increased emphasis on understanding IT/cyber risk.  About 40% of directors stated a desire to improve knowledge and understanding of risk oversight in general.  When it comes to IT/cyber risk in particular, a full 20% of directors lack confidence in their board’s understanding of its many facets.  More importantly for us MFT folks, only 46% of respondents were confident in their board’s ability to monitor risk relating to “security of sensitive data.”

Apply the “KISS Principle”

The survey provides keen insight into how directors prefer to analyze IT/cyber risk.  A little more than 44% said they could improve risk oversight if reports had “more key highlights” and “fewer details.”  In other words, when reporting to management IT professionals should apply the KISS (Keep it simple, stupid) principle, a term with which IT professionals are no doubt familiar.  Be brief, concise and direct.  Visual media—video games, the Internet, cell phones—has reshaped the way most humans digest information.  The result is that people relate far better to images than to text, so use a PowerPoint with graphs, diagrams, etc.

So take notice, IT professionals.  Are you struggling to maintain a home-grown file transfer solution that is difficult to manage and provides you with no visibility into its performance?  Is your organization still sending data unencrypted and/or not using a secure file transfer channel?  Is the file transfer infrastructure more complicated and bloated than it needs to be?

If you answer “yes” to any of these questions, the time is right for making a pitch to management for some help, and what better way to get help with managing cyber risk than by deploying secureXchange, bTrade’s managed file transfer software solution.  secureXchange has the features/functionality you need to secure, manage and report on cyber risk related to the transmission of data, such as dash boarding (real-time monitoring), auditing and tracking of messages, alerts and notifications, data-at-rest encryption, and compression/encryption built on the power of bTrade’s proprietary algorithms from Comm-Press®.

If you need help with your pitch, or have any questions about how a managed file transfer solution can help, please reach out to our managed file transfer and data security experts at info@btrade.com.