There are many different risks that businesses and business owners need to keep at the forefront of their minds on a day-to-day basis. One of the growing problems is cyber risk, which is becoming more and more of a factor for growing organisations. 9 out of 10 businesses recently surveyed have found that there are cyber risks present within their company and on top of that, 87% of companies believe that cyber risks are one of the most prominent risks facing them. As such, there have been several duties imposed on the directors of businesses who owe a duty of care to their business and must act using a reasonable amount of care and skill. This article is going to talk in more detail about cybersecurity and data protection the risks that currently face businesses as well as what the duties owed by directors currently are.
The Statutory Duties of Directors
A lot of the duties which are owed by directors are outlined within the Companies Act 2006. This piece of legislation imposes a variety of different rules on directors, which include the likes of needing to promote the success of the business as a whole and also to exercise a reasonable amount of care, skill and diligence within their decision-making. When it comes to acting in this manner and promoting the success of a business, it is important for the director of a business to (as well as other things):
- Consider what the likely long-term consequences of the decision they are making might be; and
- Ensure that the organisation is maintaining their reputation by promoting high standards when conducting business.
If a director is found to have breached these various duties then it may be that they are liable by the company or the shareholders by way of derivative action. If a director does breach their duties then they may be asked to pay damages; however, if they are in breach of their fiduciary duties then they may have to pay damages or could even be liable for an injunction or even suffer from a director’s disqualification. Directors might also have their service contract terminated depending on what their breachers are and how severe the ramifications of said breach are.
The Consequences of Cyber Risk
In order to comply with the duties set out in the Companies Act 2006, directors need to address risk management in their corporate governance strategy. Given the majority of companies these days rely on technology on some level and need to use online services to operate on a day-to-day basis, then naturally, cybersecurity is incredibly important and potential risks are a growing concern. Breaches can end up costing a company a significant amount of money, which in the worst-case scenario could lead to an organisation going into liquidation.
On top of that, setting aside the potential financial costs, there is also a reputation issue that could follow any kind of cyber breach. Customers and suppliers will be hesitant to work further with you as they are going to be at risk when doing so, as such, they will likely terminate any existing relationship, or not work with you to begin with. Your business will be seen as operating poorly and it won’t look like you care about the security of it, which will stop people from working with you in the long term. This could lead to severe consequences for your business, including claims for negligence and general difficulty with client acquisition and retention which will stop organisations from being able to make money.
The Best Ways Directors Can Mitigate Cyber Risk
If you are looking to minimise the risk of potential cyber breaches in your business then directors should:
- Make sure that they have a thorough understanding of the risk that cyber-attacks pose towards the company so that they can properly monitor these risks.
- Consider appointing somebody who has sufficient experience with monitoring cyber security and who has primary responsibility for cyber risk management. This person should make sure that the board of directors have a thorough understanding as to what the key assets of the company are, what their current strengths and weaknesses are and how they will be able to operate whilst imposing a strict cyber security policy.
- Make sure that the current cyber policy which is in place for the company provides regular cyber security training for all employees. This cyber security training needs to be up to date and contain efficient and practical incident response plans that are going to be able to help contain and mitigate any of the damage that has been caused by a cyber-attack.
- Consider getting cyber insurance which is going to provide appropriate cover should the worst happen.
Some of the Most Common Online Threats for Businesses
Some different threats could impact businesses. Some of the most common include but are not limited to:
- Phishing Attacks: This is where an attacker will send a message pretending to be a trusted contact, their message will contain a malicious file which the user will then download, providing access to sensitive information.
- Malware Attacks: Malware encompasses a number of different cyber threats like trojans and viruses, it involves malicious code which hackers can use in order to gain access to various business
- Weak Passwords: Businesses should have strong passwords that they change regularly if they don’t then it could mean that hackers can take advantage and gain access to sensitive information.
Do You Need Further Assistance?
If you require any further assistance on your duties as a director then be sure to get in touch with experts such as Leading UK who will be able to provide further guidance. If you have any questions or require any further information then do not hesitate to get in touch. Technology is incredibly important for a variety of different businesses and as such, staying on top of it as much as possible is crucial.