Cybersecurity: the new frontier of corporate responsibility

https://en.ilsole24ore.com/art/cybersecurity-the-new-frontier-of-corporate-responsibility-AIaBZ5wD

Publish Date: 2026-07-01 06:25:00

Source Domain: en.ilsole24ore.com

It follows that senior management must not only formally approve the organisational model, but also make a concrete commitment to its implementation.

At the same time, 231 models can no longer be limited to identifying risks and setting out formal control measures; they must be able to demonstrate that these controls are genuinely effective, up to date and integrated into the organisation’s day-to-day management. Prevention thus becomes an ongoing process that requires the involvement of operational functions and supervisory bodies.

In this regard, artificial intelligence offers extraordinary tools to strengthen this capacity for control. Advanced monitoring systems, behavioural analysis, automatic anomaly detection and platforms capable of processing enormous amounts of data make it possible to identify risk signals with a speed that would have been unthinkable just a few years ago. However, at the same time, technological developments are introducing new challenges, such as the phenomenon known as ‘algorithmic opacity’.

If an organisation is unable to reconstruct the logical sequence of steps that led an artificial intelligence system to reach a particular decision, it becomes difficult to assign responsibility, verify any errors and demonstrate the adequacy of the controls put in place. In other words, there is an increased risk of creating areas of unaccountability that are incompatible with the fundamental principles of modern governance. Moreover, formally correct systems can cause serious problems if incorporated into decision-making processes that are not properly managed.

Cyber risks may also arise from suppliers, business partners, consultants or other third parties who access the company’s systems or data.
The remit of supervisory bodies, risk management functions, and those responsible for cybersecurity and data protection must therefore extend beyond the company’s boundaries. It is essential to introduce due diligence procedures, contractual security clauses and verification mechanisms such as audits, questionnaires and certifications. It is also necessary to establish who may access the systems, with what credentials, under what authorisations and subject to what controls, and to ensure coordination between cybersecurity measures and the Supervisory Board, including through the timely flow of information, particularly in the event of cybersecurity incidents, data breaches, failed phishing simulations, whistleblowing reports, regulatory changes or measures taken by the competent authorities. At the same time, the Supervisory Body can and must carry out specific checks on the effectiveness and comprehensiveness of cybersecurity training.