Can Your Organization Survive a Cyberattack? | Crain's Detroit Business

2022-10-11 02:58:06 By : Ms. Gao Aria

Mike Kosonog, Detroit Cyber Risk Services Leader, Deloitte & Touche LLP

October is Cybersecurity Awareness Month, an ideal time to thoroughly assess an organization’s cybersecurity policies and procedures.

A breach can cost a company an average of $9.44 million, according to Ponemon Institute and IBM Security’s 2022 Cost of a Data Breach report. More than 83 percent of organizations surveyed have had more than one data breach, according to the report. I’d add that cyberattacks often pull valuable resources away from other pressing concerns such as growing a business and taking care of employees, and that a breach can create major mistrust between an organization and its customers.

With cybersecurity in mind, I invite readers to attend the Michigan 2022 Cyber Summit. Deloitte is a sponsor of this annual event, scheduled for Thursday, October 27 at the Suburban Collection Showplace in Novi. State leaders as well as Jen Easterly, director of the state’s Cybersecurity & Infrastructure Security Agency, plus cybersecurity experts from other states and from business and industry will present at the conference. To register for the summit, click here.

There are many business reasons to attend the summit. You will have an opportunity to network with peers, hear from industry leaders on the latest happenings, and gain insight into the latest issues, threats, and innovations in cyber.

A recent report from Deloitte’s Center for Board Effectiveness (DCBE) highlights questions organizations can consider to better integrate their business and cyber strategy, improve risk management and governance, and refresh incident management processes to keep up with the evolving regulatory landscape:

1. What is our organization’s holistic cyber risk policy? Cyber risk policies should include what happens in the event of a ransomware attack, an assessment of the risk to operational technology in addition to information technology, risk mitigation for third parties and contractors, and cyber assessment processes for mergers and acquisitions. It also includes a review of the last assessment and revising it to accommodate any changes in the business (for instance, a new IT system).

2. Does our policy align with National Institute of Standards and Technology (NIST) cybersecurity framework guidelines? NIST’s framework helps guide companies in assessing and improving their ability to prevent risks and respond to breaches. These frameworks set guidelines for identifying areas at risk; protecting critical infrastructure from attacks; detecting attacks when they do happen; responding to attacks; and recovering from them.

3. What role do management and the board play in implementing this policy? It shouldn’t just be “the IT people” responsible for cybersecurity policy. The National Association of Corporate Directors suggests that boards approach cybersecurity as the organization-wide issue that it is.

4. Who on our board has cybersecurity experience? As is the case with many reporting tasks, at least one board member should have deep expertise in cybersecurity.

Overall, then, two suggestions to commemorate Cybersecurity Awareness Month: Attend the Michigan conference to obtain a wealth of information and leading practices, and review Deloitte’s Center for Board Effectiveness report on board oversight of cybersecurity.

About the Center for Board Effectiveness

Deloitte’s Center for Board Effectiveness helps directors deliver value to the organizations they serve through a portfolio of high quality, innovative experiences throughout their tenure as board members. Whether an individual is aspiring to board participation or has extensive board experience, the Center’s programs enable them to contribute effectively and provide focus in the areas of governance and audit, strategy, risk, innovation, compensation, and succession.

About Deloitte

Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today’s marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Building on more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s approximately 415,000 people worldwide connect for impact at www.deloitte.com.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.
