TORONTO, Dec. 19 /CNW/ - CEOs must make cyber security a top priority or
their businesses could fall victim to industrial espionage similar to recent
cyber attacks on such large companies as Rolls-Royce and Royal Dutch Shell.
That's the conclusion of the report Cyber Attack: A Risk Management Primer for
CEOs and Directors published by the British-North American Committee (BNAC), a
trinational group sponsored by the C.D. Howe Institute in Canada, the Atlantic
Council of the United States, and the British-North American Research
Association in the United Kingdom.
The one global Internet, for which the Internet Corporation for Assigned
Names and Numbers (ICANN) coordinates addresses, makes possible about $2.8
trillion in global e-commerce annually. "As enterprise on the Internet has
become more sophisticated, so have cyber criminals," said Dr Paul Twomey,
ICANN's President and CEO, and one of the report's main authors. "The message
of this report is clear - senior government figures and leaders of
corporations need to make cyber security a personal priority."
"This report sets out the critical steps that CEOs should take to protect
their businesses," noted William Robson, President and CEO of the C.D. Howe
Institute, and a member of the BNAC working group. "CEOs are not IT experts
and they don't have to be. This report provides a quick comprehensive
reference list of things every chief executive should know and do."
The report calls on CEOs and corporate directors to take actions to
protect their businesses and organizations from cyber attacks. It identifies
information security threats, and most commonly made mistakes in data security
and provides recommendations for business and corporate leaders to manage
cyber security risks. "This report is a timely reminder to all organizations -
large and small, public and private - of the need to keep up with best data
security practices. The risks are very real but help is at hand," said Clive
Mather, until recently president and CEO of Shell Canada and a BNAC member.
Among its recommendations, the report urges CEOs and directors to:
- Establish a comprehensive information security policy, implemented by
- Hold a company-wide security audit to expose vulnerabilities and
strengths and give a complete picture of an organization's security
- Underpin a robust security culture with frequent and rigorous testing;
- Prioritize keeping abreast of changes in security technology and best
practices, including through participation in relevant international
information security organizations.
The report further provides a comprehensible information security
checklist of recommendations chief executives and directors must follow to
protect their corporations against industry espionage. It is endorsed by
members of the British-North American Committee, a group of distinguished
business, academic, and labor leaders from the United Kingdom, Canada and the
The report is available at
For further information:
For further information: William B.P. Robson, President and CEO, C.D.
Howe Institute, (416) 865-1904, email@example.com