Boards need to be more involved in ensuring knowledge assets are protected
According to a recent study co-authored by the Ponemon Institute and Kilpatrick Townsend ‒ The Cybersecurity Risk to Knowledge Assets ‒ more often than not, boards are not aware of security issues that involve their company’s knowledge assets. Knowledge assets are defined as the confidential information critical to an organization’s core business and include trade secrets, product design, development and pricing. Loss of knowledge assets can affect an organization’s reputation and cause brand damage.
Fewer than half the respondents (48 percent) say their company’s board is not informed of steps taken to secure knowledge assets and only 23 percent say the board is made aware of all incidents involving the loss or theft of knowledge assets.
The survey questioned more than 600 individuals familiar with their company’s approach to managing knowledge assets and involved in the process, in order to determine the extent of risk and organizational effectiveness in safeguarding knowledge asset data. Fifty percent of respondents say knowledge asset theft is increasing in their organization.
Key findings:
- 74 percent of respondents say it’s likely their company failed to detect a data breach involving the loss or theft of knowledge assets and 60 percent say it is likely one or more pieces of their company’s knowledge assets are now in the hands of a competitor
- 69 percent believe senior management does not make the protection of knowledge assets a priority.
‘The good news is that there are steps to take to reduce the risk,’ says Dr Larry Ponemon, chairman and founder of the Ponemon Institute. ‘First of all, understand the knowledge assets critical to your company and ensure they are secured. Make sure the protection of knowledge assets, especially when sharing with third parties, is an integral part of your security strategy, including incident response plans.’
Best practices for board members in order to protect knowledge assets include the following, says Ponemon:
- Most incident response plans and audits are informal. Insist on formal assessments or audits to determine the cyber and data-breach risks posed by insecure knowledge assets
- Implement more centralized control over the protection of knowledge assets. Responsibility for protecting knowledge assets should be centralized and not dispersed throughout the organization
- As the most likely root cause of a data breach involving knowledge assets is careless employees, access to this information should be controlled
- Board members need to make sure that strict safeguards are in place when knowledge assets are shared with third parties
When companies store knowledge assets in the cloud, boards should require proof that the cloud provider is carefully vetted and meets generally accepted security requirements.