Canadian HR Reporter is the national journal of human resource management. It features the latest workplace news, HR best practices, employment law commentary and tools and tips for employers to get the most out of their workforce.
Issue link: https://digital.hrreporter.com/i/1017614
CANADIAN HR REPORTER SEPTEMBER 2018 NEWS 7 HRPA 2019 Featuring Our Keynotes: Mel Robbins Award-Winning CNN Commentator & Bestselling Author Michael Roberto Trustee Professor of Management at Bryant University Jade Simmons Transformative Leadership Expert & Motivational Pianist Steve Pemberton Chief Human Resources Officer, Globoforce Bill Burnett Executive Director of the Design Program at Stanford University Dave Evans Adjunct Lecturer, Product Design Program at Stanford & Co-founder of Electronic Arts Cy Wakeman Drama Researcher, Business Consultant & New York Times Bestselling Author Tarana Burke Social Activist & Founder of the #MeToo Movement David McWilliams Economist, Broadcaster, Bestselling Author Afdhel Aziz Speaker, Writer & Award-winning Marketer Jan 30-31 / Feb 01 Metro Toronto Convention Centre Save up to $275! Early-bird registration: Aug 15 – Oct 31, 2018 How do we create positive work climates that enable people's potential to thrive while improving business value? Learn how to help your organization cultivate an optimal work climate to achieve productivity, innovation, inclusion, and high performance. Register Today hrpaconference.ca Positive Climate Change at Work Boards of directors play important role maintaining cyber resilience: Survey Cross-organizational training, HR also key components of proper strategy BY JOHN DUJAY BOARDS of directors can pro- vide significant aid in helping or- ganizations become more cyber resilient, according to a global survey. "It's important for companies to understand that achieving cy- ber resiliency is a company-wide imperative, one that shouldn't be sequestered to certain roles or functions," said Anthony Agos- tino, global head of cyber risk at Willis Towers Watson in New York, which sponsored the survey. "Boards should emphasize the need for a strategic framework, and the C-suite should set the tone within their organizations by empowering stakeholders, such as IT, risk, HR, legal and compliance, to drive an integrat- ed risk management and resil- iency strategy." It's critically important — in the past year, about one-third of the organizations experienced a "seri- ous cyber incident" that disrupted operations, found the survey of 452 board members, including 50 in Canada and 100 in the United States, by the Economist Intelli- gence Unit (EIU). However, only 13 per cent rated themselves as "well above average" in terms of learning from these types of incidents. What is cyber resilience? Most large companies already have extensive cybersecurity in place, but it's the ability to bounce back and continue regular opera- tions that makes all the difference, according to Rachael Bryson, se- nior research associate in national security and public safety at the Conference Board of Canada in Ottawa, which published the study Building Cyber Resilience in July. "It's an organization's ability to limit the impact of cyber disrup- tion, maintain critical functions and rapidly re-establish normal operations, following cyber inci- dents," she said. "There are critical functions that must be maintained. And the difference between just kind of surviving some sort of a cyber incident, and then being able to actually return the business op- erations, and possibly learn from it and become better, is rapidly re- establishing normal operations; there seems to be a strong cor- relation between the speed with which normalcy is achieved and the actual success in coming out of the cyber incident." "The acknowledgement that something could happen because hackers are actively targeting you is merged over to this aware- ness that everybody has a certain amount of vulnerability because we cannot know all of the system flaws out there until they're ex- posed in one way or another," said Bryson. But while a lot more companies are aware of the need for strong resilience, "not everybody is doing it and not everyone understands exactly how you can go about starting," she said. While awareness could be bet- ter, recent events profiled in the media are making a difference, said Rahul Bhardwaj, president and CEO of the Institute of Corporate Directors (ICD) in Toronto. "Cybersecurity risk has be- come prominent in the minds of directors more than ever before," he said. "Incidents such as the Cambridge Analytica and Equi- fax security breaches helped to increase awareness." In April, an ICD survey found 42 per cent of respondents identi- fied cyber risk or security of infor- mation as their number-one con- cern — double the number who cited changing regulations and disruptive technology, and triple the number who cited global eco- nomic instability as their number- one concern. e right questions In executing a cyber-resilience strategy, it behooves boards of di- rectors to not remain high above the fray, but rather ask tough questions of the C-suite, accord- ing to Patricia Kosseim, counsel in privacy and data management at Osler in Ottawa. "A question for the board that is important to ask is 'What level of resources does the organiza- tion dedicate to technical secu- rity, the physical hardware and software?' But also, it's important for the board to make sure that it asks questions about whether or not management feels it has the necessary technical skills or capacity to deal with the evolv- ing cybersecurity landscape," she said. PROACTIVE > pg. 20