Board Level Insights on Combatting Cyber Threats - Peter Waziri
I recently chaired a panel discussion on risk and governance as part of the team of keynote speakers at the London Global Convention on Corporate Governance and Sustainability. The annual event was organized by The Institute of Directors India as part of the overarching topic of Boards, ESG, and Corporate Governance for the New World Economy. The themes of the event are extremely relevant in today’s world and it was an honor to speak alongside the other distinguished speakers.
I spoke about Board Level Insights on Combatting Cyber Threats and Boardroom Tactics for Overcoming Technical System Breakdowns. Here is an excerpt of my first topic:
“When I step back and look at cyber-attacks and data breaches, especially in boardrooms in the US, I ask the question — how can we prepare for this? We are going to get targeted (as recently happened with United Health Group and Ascension). We may also have to consider paying a ransom. We also have to ask the following questions — is it an internal attack? Was an opening inadvertently created internally that allowed for an external attack?
While cyber-attacks are bad, they could be much worse if the organization is the victim of cyber-warfare. As the current multipolar world continues to change due to shifting geopolitics, so do the strategy and capabilities of nation-states to wage cyber warfare. Will such attacks be powerful enough to shut down organizations? We don’t know for sure because it typically depends on the nature of the attack and the affected business. What is certain is that attacks are becoming less predictable, more frequent, and more consequential.
When I look at my experience as a CFO of a hospital system’s health insurance subsidiary, I still remember having to go through the Federal Emergency Management Agency (FEMA) related incident control training. It was mandatory for every leader of the health system’s leadership team to be FEMA-certified in disaster preparedness.
You might remember what happened during Hurricane Katrina and how FEMA was involved. What may not have been specifically reported in the media at that time was the detailed training every FEMA employee had to go through to prepare for such disruptive events. They had a comprehensive set of disaster preparedness that walks you through important concepts such as incident command and incident control. Detailed training manuals on who does what, when, and where. How to get organized, and what to do when you reach the scene of the disaster. It is all well laid out.
Cyber-attack does not currently have this. The question is do we need it? Or do we need to start considering something similar but more focused on cyber-attacks?
My opinion is that the current state of cyber-attacks has not yet reached this level, but it may only be a matter of time. Remember, it’s the known unknown (i.e., what could happen, but has not yet occurred) that could take us by surprise.”
* * *
A financial and healthcare leader with a global perspective, Peter Waziri has deep experience across several industries. He currently provides financial leadership for Parkland Community Health Plan’s operational and clinical management functions. Previous positions include CFO at Umpqua Health and also at Cascade Comprehensive Care, along with management positions at GE Capital, Ernst & Young, PNC, KeyCorp, and the Institute of European Finance in Great Britain.
