
CIOs Must Negotiate GRC Even Without Board Support

By: Absolute Editorial Team | 11/25/2014

I recently began a series on Finextra on "Working With Your CIO to Negotiate GRC." In this first part of the series, I talk about the prevalence and costs associated with data breaches and how many boardrooms have not given appropriate billing to data security issues. In the article, I discuss the importance of facing the issues presented by mobile devices, despite a lack of board-level support.

The reality is that there are now more ways than ever for businesses to lose data: through employee mistakes, malicious theft, or the sale of confidential information. GRC (Governance, Risk Management and Compliance) is one of the biggest issues facing organizations of all sizes.

Without board-level support, many CIOs question whether mobile working policies and BYOD are worth the hassle, but the truth is that employees will use mobile devices with or without a policy, so ignoring mobile devices does not erase the risks (or opportunities) that they present.

In the article, I share how some organizations are not taking steps to implement preventative measures to ensure compliance from employees, along with some real-life examples of the breaches that resulted. While data breaches cannot always be avoided, financial fines and criminal penalties are much more likely for organizations that are found to be fully accountable for the breach (because of a lack of preventative action).

In the second part of the series I will be discussing the three-stage approach to keeping data secure. You can read the first part of this discussion here.