{"id":1843,"date":"2013-10-19T08:57:55","date_gmt":"2013-10-19T03:27:55","guid":{"rendered":"http:\/\/www.naavi.org\/?p=1843"},"modified":"2013-10-19T08:58:42","modified_gmt":"2013-10-19T03:28:42","slug":"board-room-responsibility-for-cyber-security","status":"publish","type":"post","link":"https:\/\/www.naavi.org\/wp\/board-room-responsibility-for-cyber-security\/","title":{"rendered":"Board Room Responsibility for Cyber Security"},"content":{"rendered":"<p style=\"text-align: justify;\">The undersigned has been highlighting the need for Directors of Companies and the CEO to take responsibility for Cyber Security in an organization. Section 85 of ITA 2008 as well as Section 79 has clearly laid out the need for &#8220;Due Diligence&#8221; without which Directors of Companies may find themselves saddled with civil and criminal liabilities.<\/p>\n<p style=\"text-align: justify;\">The infamous Baazee.com litigation dragged the CEO Mr Avnish\u00a0Bajaj into a Court battle which lasted for 8 years. Though he escaped conviction because of a technical error by the Police which in reasonable probability could be deliberate, the need for due diligence at Board levels was well emphasized in the process.<\/p>\n<p style=\"text-align: justify;\">This article in Forbes titled <a href=\"http:\/\/www.forbes.com\/sites\/jodywestby\/2012\/05\/16\/boards-are-still-clueless-about-cybersecurity\/\" target=\"_blank\">&#8220;Boards are still Clueless about Cyber Security&#8221;<\/a>\u00a0highlights that even in the US the level of Board attention on Cyber Security is still lacking. 
According to a Carnegie Mellon report,<\/p>\n<p style=\"text-align: justify; padding-left: 30px;\">71% of their boards rarely or never review privacy and security budgets<br \/>\n79% of their boards rarely or never review roles and responsibilities<br \/>\n64% of their boards rarely or never review top-level policies<br \/>\n57% of their boards rarely or never review security program assessments.<\/p>\n<p style=\"text-align: justify;\">If this is the situation in a Compliance sensitive\u00a0corporate community\u00a0like the US, one can imagine that the status in India can be pretty bad.<\/p>\n<p style=\"text-align: justify;\">The undersigned has personal experience of how the well-known\u00a0CEOs of ICICI\u00a0Bank, Axis Bank and PNB\u00a0have shown absolute incompetence and arrogance in understanding the cyber security risks which have landed some of their customers in trouble when confronted with complaints on Phishing and other frauds. It is only when one or more of such celebrity CEOs find themselves confronting FIRs like Avnish\u00a0Bajaj, they will realize their true responsibilities. However, as the wheels of justice grind slowly, it is possible that these executives may be long retired when the law tries to catch up with them. 
However, if the law can catch up with a retired executive like the Coal Secretary Mr Parakh, maybe one day the law will also catch up with the current CEOs of Banks who are playing with customers&#8217; lives by adopting commercially motivated, risky banking policies.<\/p>\n<p style=\"text-align: justify;\">It is high time for the Boards of all IT user organizations to start devoting some attention to Cyber Security before it is too late.<\/p>\n<p>Naavi<\/p>\n<p>Also Read:<\/p>\n<p><a href=\"http:\/\/about.bloomberglaw.com\/practitioner-contributions\/cyber-risk-and-the-board-of-directors-closing-the-gap\/\" target=\"_blank\">&#8220;Cyber Risk and the board of directors-closing the gap&#8221;<\/a><\/p>\n<p><a href=\"http:\/\/www.bankinfosecurity.co.uk\/whitepapers.php?wp_id=820&amp;user_email=naavi2011@gmail.com&amp;elq=ae2ce22465114f6a9bccca3a0c72dc9f&amp;rf=2013-08-29-bttn&amp;elq=ae2ce22465114f6a9bccca3a0c72dc9f&amp;elqCampaignId=8108\" target=\"_blank\">New Measures to Mitigate Mobile Banking Risks<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The undersigned has been highlighting the need for Directors of Companies and the CEO to take responsibility for Cyber Security in an organization. 
Section 85 of ITA 2008 as well as Section 79 has clearly laid out the need for &hellip; <a href=\"https:\/\/www.naavi.org\/wp\/board-room-responsibility-for-cyber-security\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_uag_custom_page_level_css":"","footnotes":""},"categories":[7],"tags":[],"class_list":["post-1843","post","type-post","status-publish","format-standard","hentry","category-cyber-law"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"post-thumbnail":false},"uagb_author_info":{"display_name":"Vijayashankar Na","author_link":"https:\/\/www.naavi.org\/wp\/author\/naavi\/"},"uagb_comment_info":0,"uagb_excerpt":"The undersigned has been highlighting the need for Directors of Companies and the CEO to take responsibility for Cyber Security in an organization. 
Section 85 of ITA 2008 as well as Section 79 has clearly laid out the need for &hellip; Continue reading &rarr;","_links":{"self":[{"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/posts\/1843","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/comments?post=1843"}],"version-history":[{"count":2,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/posts\/1843\/revisions"}],"predecessor-version":[{"id":1845,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/posts\/1843\/revisions\/1845"}],"wp:attachment":[{"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/media?parent=1843"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/categories?post=1843"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/tags?post=1843"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}