Cybersecurity threats discourage Internet use as they give rise to fears about online safety. Digital companies are at particular risk as the digital industry is one of the most targeted by cybercriminals.xix Yet, companies often do not assign sufficient high-level accountability for cybersecurity. The United States Securities and Exchange Commission requires public companies to disclose cybersecurity risks and incidents.xx Companies need to assure stakeholders that they take cybersecurity seriously and assign high-level accountability and resources to maintaining it.
Senior-level oversight of cybersecurity can serve to indicate that the company dedicates appropriate accountability, managerial capacity and resources to preventing, mitigating and resolving cybersecurity risks.xxi If companies are proactive about cybersecurity, digital inclusion will improve because users will feel safer using digital technologies.
Rapid response to information security incidents is essential. Companies have created special units (e.g. computer emergency response team, computer security incident response team) to protect, detect and respond to cybersecurity incidents. As cyber threats often extend across borders, global cooperation is essential. The Forum of Incident Response and Security Teams, with over 500 members, fosters global ‘cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large’.xxii


Research Guidance:

The company has a permanent committee (standing oroperating) that addresses cybersecurity as part of its formal mandate. The committee‚s responsibilities must explicitly cover cybersecurity, information security, and/or data security. The committee must report directly to the Board of Directors, a Board committee, or an equivalent governing body. Ad-hoc committees, task forces, or advisory councils that are temporary or informal are not accepted.