Cyber breach: one of the most challenging and complicated issues a board can face.

• Author: Horovitz, Bernard R.
• Position: BOARDROOM RISKS

Thirty-one percent of corporate directors don't know if their company has a crisis plan for cyber attacks. Twenty-seven percent know it does not.

That puts almost six in 10 boards and public companies at risk of falling victim to a malicious digital assault--and to the lawsuits from customers and shareholders that will surely ensue.

In a world where risk is parsed, quantified and wagered upon by countless investors and enterprises, many boards are making a bad bet by failing to plan ahead. Mitigating the risk to your company is essential, but it's of critical importance first to understand the types and dangers of 21st century cyber risk.

Hacking, digital espionage, data theft, denial of service attacks and other electronic sabotage can cause major business disruptions and liabilities. For example, the TJX Companies incident in 2007, in which a hacker stole personal information on 45 million customers, cost nearly S200 million to resolve, according to a memo in the criminal case that followed.

Yet, it's almost human nature today to underestimate the risks of the digital world. We routinely fail to adequately protect our passwords, or even bother to back up our hard drives at home. According to a June 2012 survey by Harris Interactive, 43% of home computer users back up their data less than once a year or have never backed up at all.

That is not the kind of laissez-faire lack of stewardship that can go on in a corporate boardroom. And queried specifically on the issue, directors know it.

The digital world is still new and rapidly evolving, faster than most businesses can realistically keep up. Replacement cycles for technology have been accelerated. Every new system has its weaknesses; every older system has been figured out by the hackers.

Employees are using their own laptops and smart phones, or working remotely from home computers, creating more potential entries into a supposedly secure system. Customers and vendors are linking their systems, enhancing efficiency even as they open the doorto more potential intrusions.

System vulnerabilities are irresistible to organized hacker groups---some of them criminal enterprises, some politically motivated, some merely malicious vandals. Cyber networks can with a few mouse clicks cause billions in damage. Iran and China have caused havoc by hacking into both government and business computer systems.

[ILLUSTRATION OMITTED]

In 2011, a denial of service attack forced the suspension of trading on the...