Cybersecurity, key to corporate governance

"Corporate governance and cybersecurity" was the title chosen by the Garrigues - ICADE Chair on the Modernization of Company Law at the faculty of Law (Comillas ICADE) and by the Chair for Smart Industry at Comillas ICAI to lead a conference dedicated to two subjects of extraordinary relevance today. On the one hand, the security of electronic information and, on the other, the rules governing the decision-making process in a society in order to generate value, preserving relations with its stakeholders or interest groups.

Mariano Ventosa, Vice-Rector for Research and Teaching Staff at Comillas and co-director of the Chair in Smart Industry, was in charge of welcoming the participants; Pablo Sanz Bayón, co-director of the Garrigues-ICADE Chair, and Mónica Martín de Vidales, co-director of the Garrigues Department of Commercial Law and the Garrigues-ICADE Chair, who took the opportunity to emphasise the importance of the work carried out by both Chairs in the academic sphere as a meeting point between academia, business and society. The conference was an example of interdisciplinarity and collaboration between faculties, in this case between Comillas ICADE and Comillas ICAI, one of the university's hallmarks.

The opening speech was given by Pablo López, Head of the Cybersecurity Regulations and Services Area of the National Cryptologic Centre (CCN), who structured it around the essential ideas that a regulator should always keep in mind. On the one hand, setting a reference framework that establishes essential minimums (the "must") in order to then establish the casuistic structure (the "should") and, on the other hand, seeking an appropriate balance between cybersecurity and the promotion of technological development.

Next, a round table moderated by Bernardo Villazán, independent advisor at Indra and director of the Comillas ICAI Initiative on the Next Generation Industry, addressed key issues such as the new features introduced by the NIS2 Directive and the challenges faced by the administrative bodies of companies in the digital framework, which were presented by Elena Pérez Carrillo, lecturer in Commercial Law at the University of León.

Alejandro Padín Vidal, partner in charge of the Data Economy, Privacy and Cybersecurity area at Garrigues, provided his vision on governance based on risk analysis, risk management, the implementation of measures and their supervision. He also commented on the functions of the Data Protection Officer (DPO) and stressed the importance of protecting what he considers to be the most valuable asset in the digital ecosystem: information.

Javier Jarauta Sánchez, lecturer in the Department of Telematics and Computing and director of the Master's Degree in Cybersecurity at ICAI, proposed a shift in the approach to cybersecurity from viewing people as the weakest link in the chain to seeing them as the strongest. He also recalled how the number of incidents and cyber-attacks has only increased in recent years.

Finally, Gustavo Lozano García, Chief information Security Officer (CISO) at ING Spain and Portugal, commented on the role played by a CISO in a company. Their functions include standardising criteria, mapping out the strategy to be followed, defining regulations and guaranteeing the resilience of the banking infrastructure.

The day concluded with a question-and-answer session led by Bernardo Villazán, which opened the floor to debate and reflection, allowing the attendees to recapitulate what had been presented throughout the day. The session was brought to a close by Antonio Alonso Timón, Director of the Centre for Innovation in Law (CID-ICADE) and lecturer in Administrative Law, who called on the legal field to join in these efforts to improve corporate governance, taking as a reference the developments taking place in the legal-public sphere.