Importance of a Tech Savvy Audit Committee

Audit committees need to be technology savvy to understand how cybersecurity, hacking and other securities breaches can create major financial risk exposures for companies.  While, technology usually falls into the bailiwick and domain of the CTO or the CIO, the ever-changing landscape of technology, software-as-a-service and platform-as-a-service offerings along with virtual clouds, technology now also needs to be the focus of the CFO and the Audit Committee. The risk and threats associated with these technology advancements, creates a enterprise wide risk that could impact a company’s financial strength, its reputation and its growth strategies. 

We have seen in the past 2 years, multiple examples of how security breaches has lead to significant financial losses for enterprises through an increase in expenses, loss in revenue, distraction of reputation and brand equity plus the high cost of leadership distraction. Two high profile examples are, Target experiencing a data breach in which an intruder gained unauthorized access to its network and stole credit card information which as of their third quarter 2014 results has cost them total net breach-related expenses of $158 million; and Home Depot which as of its third quarter has experienced direct expenses of $35 million related to expenses to cover its credit card breach related expenses. What isn’t reflective in these amounts are the revenue declines these companies also experienced, Target saw a 46% year-over-year drop in profits in Q4 2013, when the news of the data breach surfaced. These risks aren’t limited to just financial system breaches, the leak of emails and other confidential data at Sony, has caused them to lose revenue, brand and trust with their partners, customers and suppliers. There is also the cost of distraction. When leadership teams are forced to focus on the reactive, on defensive postures and trying to assure customers they can be trusted, they are not focused on the growth of the business.

Data Security

Data Security

Security issues have become one of the biggest sources of reputation risk for companies, second only to ethics and integrity scandals, according to “Reputation@Risk,” a global survey and report from Deloitte Touche Tohmatsu Limited (DTTL). Security has even outpaced, albeit by a slight margin, product safety and customer service issues as a leading cause of reputation risk. And these risks aren’t limited to hacking or other illegal activities. SafeNet conducted a data breach study which showed that internal careless mistakes has led to 24% of all data breaches.

This Safenet study also showed there has been a nearly 25% increase in breaches in the third quarter of 2014 compared to the same quarter last year.  CFO’s and by extension the Audit Committees should be knowledgeable and current on risks within their industry and the limitation and weaknesses within their business processes.  It should be understood which of these risks could be a major threat to the company’s growth strategies and financial health.