Cyber-attacks continue, seemingly unabated. Major industrial incidents seem to remain regardless of efforts to curtail them as well.
In many cases significant shareholder value is destroyed and perhaps never to be regained. Lives are lost and business models compromised.
In isolated incidents, senior executives “retire.” Usually, it is business as usual until the next time with the promise not to do it again. However, there is precedent for punishing organizational maleficence.
Regarding cyber security, the digitalization process underway places the process of managing information technologies into the arena of “core competency.” There are several definitions of the term. Digitalization is the process of using digital technologies as a way of doing everyday business. In other words, this process is material to the well being of the firm.
While not an attorney nor offering advice, one can observe that in the late 1990s another software issue was so concerning that the U.S. Securities and Exchange Commission issued guidance for public companies and others regarding the risk and materiality of exposure to the so-called Y2K date rollover. Most affected firms had significant efforts underway to assure business was not disrupted and/or risk mitigation strategies were put in place.
Shortly thereafter, the activities of Enron, MCI and others resulted in the Sarbanes Oxley Act of 2002. Section 404 of that act requires firms put in place “management systems” to assure adequate and effective internal controls and transparency regarding financial reporting.
According to one source approximately $2.5 trillion in value can be unlocked by digitalization for the oil industry ecosystem. However, if cyber security is weak and SCADA and process controls systems are exposed lives may be lost and facilities may be irreparably damaged.
One view is that today’s Industrial Internet of Things (IIoT) organization has greater exposure than any Year 2000 problem may have caused. Shouldn’t society and investors have protections in place equal to Y2K and SOX?
There is precedent for holding organizational leadership accountable. Digitalization is a Board of Directors agenda item!