By the Nasdaq Center for Board Excellence ‘Risk &
Cyber Oversight’ Insights Council: Rajesh De, Chris Hetner,
Steve Roycroft, and Dominique Shelton Leipzig
Today’s headlines make clear that privacy and cybersecurity have
moved beyond IT and legal compliance issues and are now
environmental, social, and governance (ESG) benchmarks vitally
affecting market caps and shareholder values.
To understand the scope of the issue, it is important to clarify
the terminology. At a high level, data privacy concerns the
personal information companies collect, use and share, and how they
communicate about their practices. Cybersecurity, on the other
hand, concerns what companies do to protect personal and business
critical data and maintain resilience. Privacy and cybersecurity
were largely unregulated until 2018, when the European Union (EU)
General Data Protection Regulation went into effect. Presently,
there are over 150 countries with data protection laws.
Privacy and cybersecurity are majorly impacting areas beyond the
legal landscape. Privacy issues triggered a $1.4 trillion dollar loss in market
cap for publicly listed companies in Q1 and Q2 of 2022. In
2021,…
