FCPA Blog sponsor Kroll released a survey showing that 75% of compliance officers aren’t involved in managing cyber security risk.
And nearly 44% of senior-level compliance professionals who responded said the chief compliance officer is only responsible for privacy compliance and breach disclosure after an incident but has no role in addressing cyber security risks before one.
“These statistics draw attention to a gap in responsibilities as cyber security lapses can often involve hefty penalties or sanctions, civil litigation and compliance issues,” Kroll said.
Alan Brill, senior managing director for Kroll, said compliance officers should have a strong enough grasp of cyber security to know when they should be involved in a problem.
“Every compliance officer needs to decide whether it’s time for them to be Captain Kirk and boldly go into cyber,” Brill said.
They should forge a partnership with the IT director, with the general counsel, and with the internal auditor — “so that the cyber elements of compliance are just the everyday part of your work,” he said.
The 2014 Anti-Bribery and Corruption Benchmarking Report from Kroll and Compliance Week also covers other compliance topics, including third-party training and due diligence, among others.
To request a copy of the benchmarking report, contact Cathy Johnson of Kroll (Tel +1 347.963.7509) or by email here.
Richard L. Cassin is the Publisher and Editor of the FCPA Blog. He can be contacted here.
There are as many gaps in cyber security defense systems of business and government as there are new forms of attack each year–and that is very many indeed. The reasons for our societal unreadiness to cope are also numerous and understandable. In simplest form, the systems comprising response and rectitude for any crisis develop at snail's pace compared to the speed of innovative malevolence. The innovations of lawlessness always travel at light speed compared to the speed limits imposed by law.
That does not detract from the value contributed by the commentary from Kroll, a family of protective services on the leading edge of societal protection for 40 years. If there is a single place to start the counter revolution, it is within the awareness and structures of business enterprises. Executive managements are barely half as aware of cyber risk as are risk managers, and risk managers too often lack both the resources and authority to lead the good fight.
Those gaps can be readily closed, and must be as an urgent early step.