Audit committees need to be technology savvy to understand how cybersecurity, hacking and other securities breaches can create major financial risk exposures for companies. While, technology usually falls into the bailiwick and domain of the CTO or the CIO, the ever-changing landscape of technology, software-as-a-service and platform-as-a-service offerings along with virtual clouds, technology now also needs to be the focus of the CFO and the Audit Committee. The risk and threats associated with these technology advancements, creates a enterprise wide risk that could impact a company’s financial strength, its reputation and its growth strategies.
We have seen in the past 2 years, multiple examples of how security breaches has lead to significant financial losses for enterprises through an increase in expenses, loss in revenue, distraction of reputation and brand equity plus the high cost of leadership distraction. Two high profile examples are, Target experiencing a data breach in which an intruder gained unauthorized access to its network and stole credit card information which as of their third quarter 2014 results has cost them total net breach-related expenses of $158 million; and Home Depot which as of its third quarter has experienced direct expenses of $35 million related to expenses to cover its credit card breach related expenses. What isn’t reflective in these amounts are the revenue declines these companies also experienced, Target saw a 46% year-over-year drop in profits in Q4 2013, when the news of the data breach surfaced. These risks aren’t limited to just financial system breaches, the leak of emails and other confidential data at Sony, has caused them to lose revenue, brand and trust with their partners, customers and suppliers. There is also the cost of distraction. When leadership teams are forced to focus on the reactive, on defensive postures and trying to assure customers they can be trusted, they are not focused on the growth of the business.
Security issues have become one of the biggest sources of reputation risk for companies, second only to ethics and integrity scandals, according to “Reputation@Risk,” a global survey and report from Deloitte Touche Tohmatsu Limited (DTTL). Security has even outpaced, albeit by a slight margin, product safety and customer service issues as a leading cause of reputation risk. And these risks aren’t limited to hacking or other illegal activities. SafeNet conducted a data breach study which showed that internal careless mistakes has led to 24% of all data breaches.