Not long ago, cybersecurity was a term rarely, if ever, heard in the boardroom. Rather, information security was deemed to be a risk managed solely by the chief information or technology officer. Those days are gone. With the litany of high-profile cybersecurity hacks—and the potential resulting drop in shareholder value, regulatory inquiries and litigation that inevitably follow—cybersecurity has become an increasingly challenging risk that boards must address.
One of the key elements needed to ensure accountability is reporting the right statistics and metrics. Each user department is responsible for ensuring that its information technology needs are addressed, and the IT department is responsible for providing overall cost-effectiveness, quality and coordination. The IT department can play its role by ensuring that IT metrics are captured and disseminated. User departments and the IT department must both be involved; neither may be permitted to abdicate its responsibilities.
In Steel v. Coast Capital Savings Credit Union, the Supreme Court of British Columbia upheld the termination of an employee on a with-cause basis after the employee breached the bank’s confidentiality policy.