"By the Nasdaq Center for Board Excellence ‘Risk & Cyber Oversight’ Insights Council: Dominique Shelton Leipzig, Chris Hetner, Steve Roycroft, and Raj De
Today’s headlines make clear that privacy and cybersecurity have moved beyond IT and legal compliance issues and are now environmental, social, and governance (ESG) benchmarks vitally affecting market caps and shareholder values.
To understand the scope of the issue, it is important to clarify the terminology. At a high level, data privacy concerns the personal information companies collect, use and share, and how they communicate about their practices. Cybersecurity, on the other hand, concerns what companies do to protect personal and business critical data and maintain resilience. Privacy and cybersecurity were largely unregulated until 2018, when the European Union (EU) General Data Protection Regulation went into effect. Presently, there are over 150 countries with data protection laws.
Privacy and cybersecurity are majorly impacting areas beyond the legal landscape. Privacy issues triggered a $1.4 trillion dollar loss in market cap for publicly listed companies in Q1 and Q2 of 2022. In 2021, cybercrimes cost our global economy 6 trillion dollars, and this figure is expected to increase to 10.5 trillion dollars by 2025. If privacy and cybersecurity were a country, they would be the third largest GDP behind the U.S. (GDP of $20.89 trillion) and China (GDP $14.72 trillion). Recently, the U.S. Department of Justice indicated that it will be pursuing a new policy seeking C-level sign-off on corporate compliance programs and signaled that it will be expecting CEOs to vouch for corporate compliance programs. In addition, the recent criminal conviction of a Chief Information Security Officer (CISO) for a data breach has resulted in some commentators calling for boards to be held accountable rather than CISOs."
Read the full Nasdaq article here.