While everybody in the nation is rightfully concerned about the coronavirus pandemic, companies’ audit committees and boards should also make sure they are better prepared for a different kind of virus – cyberattacks on their data networks, writes Anthony C. Weagley, the CEO of Malvern Bank, National Association, for The Pottstown Mercury.
Recently, Malvern Bank partnered with the Association of Delaware Valley Independent Schools to sponsor a cybersecurity presentation by Baker Tilly, an accountancy and business advisory firm.
During the presentation, the firm presented several key principles that can help organizations manage cyber-risk.
These include understanding and approaching cybersecurity not just as an IT issue, but as an enterprise-wide risk management issue, ensuring that directors understand the legal implications of cyber-risks, and providing regular and adequate time during board meetings to discuss cyber-risk management.
Additionally, directors should instruct management to establish an enterprise-wide cyber-risk management framework with appropriate staffing and budget. Finally, all board and management discussions on cyber-risk need to include identification of which risks to avoid, accept, mitigate, or transfer through insurance, with specific plans for each approach.
Read more in The Pottstown Mercury here.