Going Global: Navigating Cybersecurity and Data Privacy Risks Across Borders

Current State of International Cybersecurity and Data Privacy Risks

Organizations of all sizes navigate turbulent waters when it comes to cybersecurity threats and data privacy. New risks continue to materialize—both within organizations themselves as well as the third parties with which they work—and cyber criminals continue to develop creative ways to infiltrate systems and monetize stolen data. On top of this already uncertain environment, regulatory requirements are becoming increasingly complex as governments look to minimize these risks and protect consumers.

This ecosystem becomes infinitely more complicated when an organization expands its operations across borders.  Cybersecurity risks are rising for companies around the world. It is critical to understand the cybersecurity risk landscape in your targeted expansion market and what impact it has on sensitive information. As data, cloud services and cloud computing expands, Cherry Bekaert is seeing an exponential increase in the need for organizations to have assurance in these areas to properly mitigate risk and comply with the relevant international governance and compliance initiatives.

The decision to expand internationally is grounded in the opportunity for future growth, but careful and strategic planning is key to success—especially when it comes to cybersecurity and data privacy.

Where To Start Evaluating Your Organization’s Cybersecurity Plan When Going Global

From a preparation perspective, combating these challenges starts as a top-down leadership, cultural and enforcement exercise.

An organization’s leaders and key stakeholders need to understand what is at stake. They must support the programs, people, process, technologies and systems that need to be instituted to achieve compliance, while properly mitigating risk.

4 Key Phases of Cybersecurity Plan

1. Establish formal cyber governance and/or privacy risk management programs

   In addition to implementing standard risk-control frameworks, these initiatives encompass assigning reporting responsibility to key stakeholders on identifying and protecting assets, along with detecting, responding and recovering from data breaches.

2. Embark on a comprehensive data inventory

   This exercise helps organizations get a better handle on all types of data including structured, semi-structured and unstructured data. This includes understanding:

   • The type of data you have, where it resides, how it is stored, processed and transmitted and by whom
   • The classification components of the data lifecycle, from creation to disposition
   • What systems are used and how they are storing, processing and transmitting data
   • What countries and geographic boundaries apply to these datasets

3. Understand the applicable criteria and build your cybersecurity management program

   Upon completion of the data inventory, the next step is to become familiar with the criteria that safeguards data based on each country’s legal and regulatory expectations. This extends across international borders and spans to any related third-party contractual agreements. At this point, you can start to build out a program to achieve compliance. It is critical to have a program that is updated on an ongoing basis through proactive testing, monitoring and scenario planning.

4. Utilize independent third-party monitoring

   In addition to your organization’s monitoring strategies, it is important to seek independent, third-party assurance on design and effectiveness of the overall cybersecurity program. An independent review can evaluate controls, potential system gaps, data breaches and regulatory non-compliance (e.g., NIST, GDPR, PCI, ISO, HIPAA).

When you start to think about operating internationally, you must understand the requirements and how they affect your overall risk management program. How do we design the right operational policies, procedures and controls to stay within the boundaries of compliance?

How Cherry Bekaert Can Help with Global Cybersecurity and Data Privacy Risk Management

The cybersecurity environment is not getting any simpler and its complexity is compounded by operating across borders. Typically, middle-market organizations looking to embark on a globalization journey do not always have the immediate resources needed to address known and unknown risks.

Cherry Bekaert’s Cybersecurity & Information Assurance team helps companies chart their global journey by evaluating, designing and implementing cybersecurity and data privacy risk management programs across borders.

This often includes:

• Understanding the data privacy laws and regulations across jurisdictions
• Identifying and classifying the information that needs protecting
• Performing risk assessments, gap assessments as well as vulnerability, risk and penetration testing
• Evaluating the technical design and configuration of key systems used to mitigate the risk of unauthorized data access
• Helping organizations understand how to respond to data breaches with tailored incident response programs
• Training users on protocols to help safeguard against cyber attacks
• Offering guidance with navigating third-party and supply chain risk management efforts

Contact us today to learn more about how we can help.

This is the third article in the ‘Going Global’ series of articles around the opportunities and risks around Going Global. Read more on the Going Global initiatives:

• Going Global: Tax Issues to Consider When Just Starting Your Global Expansion
• Going Global: Laying the Foundation for Growth in International Markets 

Contact a Professional