As opposed to needing to dip their toes in “illegal” conduct and making their income streams unsound or too risky in terms of legal liabillity by doing ransom demands
As opposed to needing to dip their toes in “illegal” conduct and making their income streams unsound or too risky in terms of legal liabillity by doing ransom demands
Most companies dont give a shit about security except for 6-8 months after a recent hack.
But why would that not fall under their specific fiduciary duties to attend to?
They use fiduciary responsibillity as a legal and ethical defense to ward off disrupting their most harmful efforts, how can that not be moreso relevant towards defending their cyber stuffs?
Because you are not thinking like a board member.
You have an IT system that has been in place since before you were hired. Let’s be generous and say it was developed in the 90s and running on an AS400. All costs are accounted for and is costing $400k a month, the platform is working as intended and staff are adequately trained. The platform is rock solid and you don’t recall the last time a catastrophic failure happened.
Your IT underling comes to you one day and says we need to change this business critical and it will cost $1.2 million as a Capex with an ongoing opex of $600K a month. it will take 4 years to develop, another 6 months to migrate the data between systems and take another 4 months to train staff back to a basic level.
How in the world do you pitch that to your fellow board members?
this guy boards
You’d be amazed the kinds of excuses companies can come up with to avoid doing something they don’t want to do.
Dude is out here thinking corporations are lawful. Cyber security costs money, money that they pocket otherwise.