Those of us who have been preaching this same message [that of BoDs’ role regarding technology] for many years, already have insisted greatly on the need for adopting a different approach with regard to engaging directors and officers in matter of technological security. We all agree -I am convinced that so do you, too- on the convenience of having our management aware of the subject matter. Nonetheless, there is little point that we continue saying it each other, among us. They [D&O] are the ones who actually have to hear it!
It is the subtle difference between spreading such messages in professional, technologist-oriented forums, and to spread them in other forums, specifically executive-targeted ones like Spain’s APD (Association for Management Progress), American NACD (National Association of Corporate Directors) or the like.
Think, for a second, how many directors of listed companies you meet when you attend your quarterly meeting at IRAM, INN, ICONTEC, INEN or AENOR. Recall and count how many of them attended the last event organized in your city by ISACA, or -why not to say it- by CCI. Efforts done in those fronts, no doubt, are valuable -because of this we have done them and we will keep doing them-; but it seems to me that they are not enough.
There is, however, a third way to bring the cyber message to Boards: regulation, as our “Newsletter” states today: “… regulators have also begun to raise expectations [on BoD's role] …”; but let us discuss another day about opportunities offered and lost by this way.
Relevance of cyber issues at both, corporate as well as plant floor level, is rising as attacks become more sophisticated. And as they become more pronounced in specific industries like energy, what we have the opportunity to see week after week.
During CCI’s last international congress, held in Buenos Aires (AR), we were witness of Colombia’s notable development in Industrial Cybersecurity. Mr. Cristian Isaza and Mr. Juan Victoria, delegates from the coffee producing country, gave a detailed overview of the regulatory (legislative) developments done in recent years in their country; and showed the best practices that, based on experience, the Colombian industrial sector has started to adopt.
Best practices that are not always the panacea!, as our colleague Enrique Martín suggests in CCI’s “Opinion” this week.
Deepen these and other topics in our weekly "Newsletter". Subscribe here and enjoy reading!