As former SEC Commissioner Luis Aguilar aptly stated: “boards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.” The statistics on data breaches echo the commissioner’s message: 2017 saw an 88 percent increase in the amount of compromised records compared with 2016. All companies in today’s economy rely on digital assets to conduct business. Companies collect and store personal data about users for payment, marketing and analytics purposes. Business-to-business and business-to-consumer companies alike collect sensitive data about employees and their families for payroll and benefit administration. Moreover, companies’ confidential information, transaction information and trade secrets are contained in electronic records which, if compromised, could severely affect the business’ value.

Equifax’s breach and Facebook’s Cambridge Analytica scandal highlight cybersecurity’s increasing link to reputation. Additionally, government agencies like the SEC and FTC are paying close attention to cybersecurity issues. The FTC, which has brought over 50 cybersecurity lawsuits, compiled all of its enforcement messages into its “Start with Security” guidance—essential reading for all businesses.