Directors and managers are facing an increasingly technological world, which has forced companies to adopt an active defense to deal with cybersecurity attacks. In this context, Assiteca Spain organized the webinar 'Cybersecurity: The greatest concern of managers'. Silvia Sepúlveda, moderator of the event and Head of Financial Lines at Assiteca Spain, explained that cybersecurity is an increasingly critical aspect that can directly impact the business and reputation of companies. "Therefore, it is essential to involve the management committee in information security policies," she said.
During the virtual event, Alejandro Padín, partner at Garrigues, pointed out that "specific regulations such as the data protection regulation expressly mention the need for the highest levels of company hierarchy to be involved and to take decisions on information security strategy". For his part, Juan Cobo, Global CISO at Ferrovial, said that in large companies cybersecurity has long been a matter for the management committee and the board of directors.
Likewise, Xabier Mitxelena, Managing Director and Iberian Security Lead at Accenture, stated that cybersecurity is key among the risks companies face, and that it is not a technological element but a reputational one. For this reason, he concluded that it is the responsibility of senior management. He also added that in "the risk map of large companies it is becoming clear that cybersecurity is an investment, but also an element of competitiveness".
Align business and risk strategies
On the other hand, Toni García, CISO and CIO at LETI Pharma, reflected on the importance of aligning business and risk strategies in companies. He stressed that aligning business, risk and cybersecurity strategies "is the last step that we have not yet finished taking. As soon as this transversal awareness exists, the strategies will align naturally", since the three elements - business, risks and cybersecurity - are interrelated.

In this regard, Padín also stressed that it is essential to be involved in cybersecurity planning, as this must be included in the company's strategy as part of the business. Likewise, from a legal perspective, he stated that "there are a series of obligations regarding the custody of information that, if they are not contemplated, are implying a breach of the obligations of the administrators and directors themselves".
For his part, García said that regulation is, to a certain extent, a gift. "The fact that there is a regulatory part that says you have to comply is a first step that allows you to establish the rules of the game," he said. However, "it is a challenge because having to comply with a regulation implies overexertion of auditing, establishment and controls, and alignment of standards that are not always adequately developed to fit together. You have to make an exercise of crossing these standards to see that you are not implementing two different things for the same objective," he explained.
News Source: ADN del seguro 21/05/21
