Cyber security is a key issue affecting the confidence of Internet users and the sustainability of businesses. It is also a national issue with regard to economic development and resilience.
Cyber risks are a concern not only for IT security managers but for everyone, and non-executive directors and managing directors may be held accountable to shareholders, customers, suppliers, employees, banks and public authorities.
The implementation of a cybersecurity system, including processes, devices and training, is essential to protect a company against theft of strategic and personal data, sabotage and fraud.
Cybersecurity and Decision Makers presents a comprehensive overview of cybercrime and best practice to confidently adapt to the digital world, covering areas such as risk mapping, compliance with the General Data Protection Regulation, cyber culture, ethics and crisis management. It is intended for anyone concerned about the protection of their data, as well as decision makers in any organization.
Author
Marie de Freminville is a non-executive director and founding partner of Starboard Advisory. She is also a member of the IFA (French Institute of non-executive Directors), HEC Governance and Swiss Association of Women Directors. In addition, de Freminville is an expert in governance, financial performance, risk mapping and data protection.
Contents
Foreword
Preface
Introduction
Chapter 1. An Increasingly Vulnerable World
1.1. The context
1.1.1. Technological disruptions and globalization
1.1.2. Data at the heart of industrial productivity
1.1.3. Cyberspace, an area without boundaries
1.1.4. IT resources
1.2. Cybercrime
1.2.1. The concept of cybercrime
1.2.2. Five types of threats
1.2.3. Five types of attackers
1.3. The cybersecurity market
1.3.1. The size of the market and its evolution
1.3.2. The market by sector of activity
1.3.3. Types of purchases and investments
1.3.4. Geographical distribution
1.4. Cyber incidents
1.4.1. The facts
1.4.2. Testimonials versus silence
1.4.3. Trends
1.4.4. Examples
1.5. Examples of particularly exposed sectors of activity
1.5.1. Cinema
1.5.2. Banks
1.5.3. Health
1.5.4. Tourism and business hotels
1.5.5. Critical national infrastructure
1.6. Responsibilities of officers and directors
Chapter 2. Corporate Governance and Digital Responsibility
2.1. Corporate governance and stakeholders
2.2. The shareholders
2.2.1. Valuation of the company
2.2.2. Cyber rating agencies
2.2.3. Insider trading
2.2.4. Activist shareholders
2.2.5. The stock exchange authorities
2.2.6. The annual report
2.3. The board of directors
2.3.1. The facts
2.3.2. The four missions of the board of directors
2.3.3. Civil and criminal liability
2.3.4. The board of directors and cybersecurity
2.3.5. The board of directors and data protection
2.3.6. The statutory auditors
2.3.7. The numerical responsibility of the board of directors
2.4. Customers and suppliers
2.5. Operational management
2.5.1. The impacts of digital transformation
2.5.2. The digital strategy
2.5.3. The consequences of poor digital performance
2.5.4. Cybersecurity
2.5.5. Merger and acquisition transactions
2.5.6. Governance and data protection, cybersecurity
Chapter 3. Risk Mapping
3.1. Cyber-risks
3.2. The context
3.3. Vulnerabilities
3.3.1. Fraud against the president
3.3.2. Supplier fraud
3.3.3. Other economic impacts
3.4. Legal risks
3.4.1. Class actions
3.4.2. Sanctions by the CNIL and the ICO
3.5. The objectives of risk mapping
3.6. The different methods of risk analysis
3.7. Risk assessment (identify)
3.7.1. The main actors
3.7.2. The steps
3.8. Protecting
3.9. Detecting
3.10. Reacting
3.11. Restoring
3.12. Decentralized mapping
3.12.1. The internal threat
3.12.2. Industrial risks
3.12.3. Suppliers, subcontractors and service providers
3.12.4. Connected objects
3.13. Insurance
3.14. Non-compliance risks and ethics
Chapter 4. Regulations
4.1. The context
4.1.1. Complaints filed with the CNIL
4.1.2. Vectaury
4.1.3. Optical Center
4.1.4. Dailymotion
4.2. The different international regulations (data protection)
4.2.1. The United States
4.2.2. China
4.2.3. Asia
4.2.4. Europe
4.3. Cybersecurity regulations, the NIS Directive ...