Cybersecurity: A Strategic Imperative Rather Than A Mere IT-Problem

Jurisdiction: European Union
Law Firm: Lydian
Subject Matter: Technology, Security
Author: Mr Bastiaan Bruyndonckx and Olivia Santantonio
Published date: 10 March 2023

Cybersecurity risks are on the rise within companies since (i) telework and the use of cloud technologies provide employees with widespread access to company data, (ii) outsourcing requires exchanging information and (iii) cyber espionage and data theft are not unusual in M&A transactions. As the very survival of a company (large companies and SMEs alike) is more and more determined by its resilience towards such vulnerabilities, the Board of Directors must play a fundamental role in managing cybersecurity risks. With the advent of the European CyberSecMonth 2022 (the 10th edition), this topic deserves some extra attention.

CHALLENGE FOR THE BOARD OF DIRECTORS

A company can be exposed to various kinds of cybersecurity risks.

First, there is the risk of an attack against the IT systems or a data breach that might lead to administrative or even criminal sanctions.

Second, there is the risk of an interruption of production, sales and daily business, resulting in a decrease in turnover and a reduction in profits.

Finally, the resilience of the company may be called into question, with all the consequences that this entails: a cybersecurity breach jeopardizes not only its reputation but also confidence in the competence of the Board.

Shareholders have indeed already demanded the removal of directors or taken legal action against them for cyberattacks.

Since a cyberattack or data breach may affect every department of a company, cybersecurity cannot be reduced to a mere IT issue. Like any other risk affecting the company, cybersecurity requires a clear strategy by the Board of Directors.

ROLE FOR THE BOARD OF DIRECTORS

The Board does not have to understand all the technical aspects, but it is responsible for cybersecurity risk governance. Awareness of the risks is not enough; every Board needs a cybersecurity policy in order to achieve a secure data environment.

Often, the subject of cybersecurity is not addressed until a company has become the victim of a cyberattack or a data breach.

Companies must indeed be able to deal with the consequences of an attack, but the aspect of risk prevention is even more important.

It is the responsibility of the directors firstly to raise awareness about cybersecurity risks...
