The evolving cybersecurity threat landscape, including AI-driven attacks, ransomware, insider threats, and supply chain vulnerabilities, has highlighted, yet again, the importance of information security and knowledge protection. Companies are responding to these rapidly evolving risks and challenges through proactive measures and enhanced governance frameworks. 

The rapid adoption of artificial intelligence by both malicious and legitimate actors raises concerns about deepfakes and data harvesting, as well as impending risks posed by quantum computing, which could break current encryption standards and expose previously secure data.

Ransomware continues to evolve, including instances of multi-tiered attacks where data is stolen, ransoms are demanded, and threats of public leaks are used as leverage. Supply chain attacks, even those caused by environmental solar incidents, remain an ongoing risk, as do attackers who exploit weak links to reach larger targets.

Risk posed by insider threats and social engineering

Insider threats, including risk from individuals impersonating employees and the presence of foreign actors in IT roles, continue to evolve and can lead to severe security breaches. Social engineering tactics, such as phishing and deepfake-enabled scams, continue to be growing concerns.

Essential need for business and Board response

Companies are increasingly conducting “tabletop” exercises and developing governance frameworks to address cyber risks. However, challenges remain in bridging departmental silos to ensure boards and management have a comprehensive understanding of technology risks and the interconnected nature of their organizations. Building a collaborative, inter-departmental culture of vigilance can be an effective step to equip all layers of an organization – from frontline workers to executive leadership – with an understanding of how to identify risks and how to address them proactively. 

Furthermore, the evolving regulatory environment for cybersecurity disclosures remains a key factor. Companies must continue to focus on SEC requirements and developments, including materiality assessments and the impact of transparency on governance and risk management practices.

For example, the SEC's 8-K material cyber incident disclosure requirements mandate reporting within four business days of determining an incident is material. This has led to increased dialogue between CISOs, CIOs, boards, and disclosure committees to better understand and communicate what constitutes material risk.

The importance of transparency and consumer trust

Transparency in disclosures continues to be a positive attribute of company culture: if there is concern about a particular risk, is it material and should it be disclosed? This proactive approach is seen as fostering consumer trust and aligning with best practices in information security and knowledge protection.

Following significant industry pushback against new disclosure rules, with some companies reluctant to admit gaps in their risk management programs, the SEC has responded by requesting more detailed information, highlighting the tension between regulatory compliance and practical risk management.

Board expertise and digital vulnerability awareness 

Many companies would benefit from having or recruiting board members who are broadly versed in technology, rather than relying solely on cybersecurity experts, to effectively oversee digital transformation and risk. Financial services is known as a sector with advanced practices, such as assigning Business Information Security Officers to business units.

This is relevant to how boards and management understand which knowledge assets and intellectual property are critical to their organizations. In other words, they need to know what they may need to keep and under what circumstances, and to protect what needs to be protected according to regulatory and industry standards based on potential threats.

There are also cross-border and corporate cultural variances that organizations need to consider, since many countries, territories or states have their own knowledge protection requirements, some more stringent than others.

What’s next to strengthen Board engagement for knowledge protection

Prioritizing knowledge protection is not uniform across industries and company cultures, with some boards lacking the expertise to ask critical questions or allocate resources effectively. To manage risk in today’s rapidly evolving threat landscape, organizations must identify and safeguard their most valuable assets. 

Board members and leaders should deepen their understanding of technology and digital vulnerabilities to ensure robust protection policies. Ultimately, adaptability and proactive governance are essential for staying ahead of emerging risks and regulatory requirements.

 

Computershare is not providing, and does not intend to provide, any legal, tax or investment advice.